Gültig ab 18. April 2023
Dieses Dokument ist momentan nur in Englisch vorhanden. Wir danken für Ihr Verständnis.
-------------
Your privacy and protection of Your data is important to Zink Media, LLC (d/b/a Discogs) and Discogs B.V., as well as our affiliates (collectively, “We”, “Our”, “Us” or “Discogs”) and this Privacy Policy (the “Policy”) represents Our commitment to care for Your “personal information” (includes “personal data” and similar terms to describe the data about you as defined by various domestic/international regulations). This Policy applies to the personal information We collect, use, disclose, and sell via Our websites, discogs.com and nearmint.io, other websites we may publish from time to time, applications, and through any associated service, including Application Program Interfaces (“APIs”), (collectively, the “Service”).
This Policy does not apply to personal information collected by or through any other online or offline sites, products, or services not controlled by Us. When You use third party sites, products, or services, You are subject to those third parties’ policies. In addition, this Policy does not cover personal information You independently disclose to other users of the Service. Disclosure of personal information to buyers, sellers, contributors, or other users (collectively, “Other Users”) outside of disclosure to Us should be discussed with those Other Users prior to providing such information. We are not responsible for the privacy or data protection processes of any Other Users of Our Service.
By using Our Service, You confirm that you have read and agree to abide by the terms of this Policy, Our Terms of Service, and other applicable policies found on Our Service. You acknowledge that We will process Your information in the United States, the Netherlands, Japan and any other country where We or Our service providers/processors operate. If You withdraw Your consent to this Policy (by closing Your account, if any, and/or disabling cookies), then You may not have access to certain portions of the Service, including the benefits of membership, buying and selling options, language preferences, etc. In certain cases, We may continue to process Your personal information, but only if We have a legal basis to do so.
We encourage You to review the entire Policy. For quick access to a particular Policy section, click on the desired link below:
GENERAL PRIVACY AND DATA PROTECTION INFORMATION
INFORMATION SHARING AND DISCLOSURE
TRANSFER OF PERSONAL INFORMATION
PERSONALLY-IDENTIFIABLE INFORMATION SUBMITTED BY CHILDREN
NOTIFICATION AND OTHER PRIVACY PREFERENCES
ANALYTICS & DISPLAY ADVERTISING, COOKIES
YOUR PERSONAL INFORMATION RIGHTS
General Privacy And Data Protection Information
We are committed to complying with applicable privacy and data protection laws and regulations designed to protect your personal information, including, but not limited to, both of the European Union (“EU”) and United Kingdom (“UK”) versions of the General Data Protection Regulation ("GDPR"), the UK Data Protection Act of 2018, the California Privacy Rights Act, the Act on the Protection of Personal Information (Japan), the Privacy Act 1988 (Australia), the Lei Geral de Proteção de Dados (Brazil), and other applicable current or future regional, national and state privacy and data protection laws and regulations worldwide as they become effective and are amended. Additional details about the information We collect, the purpose of collection, Your rights, and how to contact us are provided in detail within this Policy.
Data Controller: If you are an EU or UK citizen or you are accessing our Services from within the European Economic Area (“EEA”) or UK and you provide Personal Information to Us, the Personal Information provided to Us in connection with the Service is controlled and processed by Discogs B.V., located at Keizersgracht 555, 1017 DR, Amsterdam, the Netherlands.
Personal Information provided to Us from anywhere outside the EEA or by non-EU citizens in connection with the Service or otherwise is controlled and processed by Zink Media, LLC (d/b/a Discogs), 4145 SW Watson Avenue, Suite 350, Beaverton, Oregon, USA 97005.
Our privacy team can be contacted at privacy [at] discogs [dot] com.
Data Protection Officer:
- Our global Data Protection Officer (HewardMills) can be contacted at dpo [at] discogs [dot] com, by mail to 77 Farringdon Rd, London ECIM 3JU, United Kingdom, or by phone to +44 20 4540 5853.
- Our Data Protection Representative in the UK (DPO Consultancy Limited) can be contacted at ukdpr [at] discogs [dot] com.
Privacy Shield Principles: Zink Media, LLC (d/b/a Discogs) and its holding company, Meta Zink Corporation, comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework(s)) (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland, as applicable) to the United States in reliance on Privacy Shield. On July 16, 2020, the Court of Justice of the European Union (CJEU) decision in Case C-311/18 (“Schrems II”) invalidated Privacy Shield as a transfer mechanism for personal information between EU and US companies. We have always relied, and will continue to rely, on alternative safeguards, named in Article 47 of the General Data Privacy Regulation (GDPR), for the transfer of EU personal information.
We will continue to honor the Privacy Shield commitments with respect to EU Personal Information transfers and commit to retaining Our Privacy Shield certification. We have certified to the Department of Commerce that We adhere to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Our certification, please visit https://www.privacyshield.gov/. We are liable for privacy violations committed by third parties to which We provide Your information as limited by Our contractual agreements with those third parties. All personal information received from the EU, UK and Switzerland will be subject to the Privacy Shield Principles in addition to other measures set forth by the GDPR.
Information Collected
We practice privacy by design and only collect and process that information which is necessary to provide the Service or meet Our legitimate business needs. We conduct risk assessments on Our processing activities to ensure they do not cause undue harm to individuals. Generally, We collect the following categories of personal information from Service users:
|
Category of Information |
Description |
Source of Information |
Purpose |
Information Shared With |
|---|---|---|---|---|
|
Identity and Contact Information |
Identifiers such as a real name, alias, username, gravatar, postal address (shipping), unique personal identifier, online identifier, Internet Protocol address, Session ID (SSID), email address, account name, or other similar identifiers, information submitted on webforms, and information contributed to forums. Additional identifiers including identification number or beneficiary information as it relates to employee benefits and obligations. |
Consumer (User) |
To provide the Service, including account registration, buying, selling, contributing, etc.; When provided with a job application, it is used to consider Your employment with Us or, if employed, to provide benefits or comply with legal reporting obligations |
Operating Systems and platforms; Email service providers; Parties to a transaction (if using the marketplace); Job application information is not shared; Employee benefit information is shared with benefits providers and regulators, as applicable |
|
Commercial Information |
Records of products or services purchased, obtained, or considered, other purchasing or consuming histories or tendencies, or financial identifier (i.e., PayPal ID). |
Consumer (User) |
To provide the Service related to transactions |
Operating Systems and platforms; Email service providers; Parties to a transaction (if using the marketplace) |
|
Technical Information |
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding Your interaction with the Service or marketing materials, operating systems and other technology used on Your devices to access the Service. |
Consumer (User); User Device |
To provide the Service, including personalization and performance/ analytics to improve the Service. |
Operating Systems and platforms |
|
Geolocation Information |
Non-precise geolocation data based on Your IP address or other analytics tools. |
Consumer (User); User Device |
To provide the Service, including personalization and targeted advertising |
Operating Systems and platforms *Analytics and advertising networks (if You allow performance, targeting, or social media cookies - this constitutes a “sale” or "sharing" under California Privacy Rights Act) |
|
Professional Information |
Prior work and other related information provided to Us if You apply for a job with Us |
Consumer (User) |
To consider Your employment with Us |
Not shared |
|
Educational Information |
Education information provided to Us if You apply for a job with Us |
Consumer (User) |
To consider Your employment with Us |
Not shared |
|
Inferred Information |
Inferences drawn from any of the information identified above reflecting the Your preferences, behavior, and interests. |
Consumer (User); User Device |
To provide the Service, including personalization and targeted advertising |
Operating Systems and platforms *Analytics and advertising networks (if You allow performance, targeting, or social media cookies - this constitutes a “sale” or "sharing" under California Privacy Rights Act) |
|
Browsing Information |
Browsing data collected via cookies, such as page URL or page metadata |
User Device |
To personalize targeted advertising |
Analytics and advertising networks (if You allow performance, targeting, or social media cookies - this constitutes a “sale” or "sharing" under California Privacy Rights Act) |
We do not collect sensitive personal information, such as information about users’ race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health data, genetic data, biometric data, or any other protected classes of information. We do not collect any information about criminal convictions and offenses unless such information is surfaced in a job application. Please see California Employees, Contractors, and Job Applicants for additional information about data collected for employment purposes.
We rely on the following lawful bases to collect and process personal information based on the EU and UK versions of the General Data Protection Regulation (“GDPR”):
- Consent: use for a specific purpose based on Your clear consent. Article 6(1)(a) GDPR.
- Contract: use to provide the Service to You pursuant to Our policies or taking steps at the request of the data subject prior to entering into a contract. Article 6(1)(b) GDPR.
- Legal Obligation: use is necessary for Us to comply with the laws in the EEA. Article 6(1)(c) GDPR.
- Legitimate interests: use is necessary for Our legitimate interests that are not overridden by Your personal information protection interests or fundamental rights and freedoms. Article (6)(1)(f) GDPR.
In the case the Personal Data is collected and processed under the California Privacy Rights Act (“CPRA”) we rely on the following legal grounds:
- Business: use by Our or Our service provider’s/processor’s operational purposes that is reasonable and necessary to provide the Service. Section 1798.140(e) CPRA.
- Commercial: use by Us to increase Our revenue, such as by encouraging transactions through the marketplace or user subscriptions to marketing-related emails. Section 1798.140(g) CPRA.
More specifically, Our basis for collecting and using the personal information described will depend on the portion(s) of the Service utilized:
|
Service |
Personal Information Collected |
Purpose of Collection |
Basis for Use |
|---|---|---|---|
|
Browsing |
Cookie-based information related to browsing, Your device, and IP address. Dependent on Your jurisdiction, cookies may only be placed with Your consent. |
Analytics (Service health, usability, etc.) and advertising (with consent, as applicable) |
GDPR: Legitimate Interest; Consent CPRA: Commercial purpose |
|
Registration for discogs.com and Discogs applications |
Username, email address, SSID, IP address, geolocation, browser type/version, and operating system |
Verification of Your identity when You access Our Service, fraud prevention, communication with You, and customization of certain aspects of Your visits, such as language. Registration also allows You to list or purchase items for sale, contribute to the catalogue, and build a collection and wantlist. |
GDPR: Contract, Legitimate Interest; CPRA: Business purpose |
|
Selling |
Full name, address, PayPal Account Name, and VAT and ABN (where applicable) |
Use of the marketplace to engage in transactions with purchasers. |
GDPR: Contract; CPRA: Business purpose |
|
Shipping Labels Service |
Address and phone number |
Population of shipping label(s) on Your behalf |
GDPR: Contract; CPRA: Business purpose |
|
Third Party Payment Services |
1. Depending on whether You are a business or individual: name, date of birth, email address, phone number, company name, tax identification number, bank account information, government issued photo identification, and bank statement or voided check. 2. Username, account creation date, IP address and email address |
1. Identity verification (per financial regulations) - this information is required by Our third party payment processor(s) as outlined in the Discogs Payments Policy. 2. Fraud review for accounts. |
GDPR: Contract; CPRA: Business purpose |
|
Purchasing |
Full name, address, and phone number (optional) |
To complete transaction shipping from seller. We do not collect or store any purchaser payment information, such as credit card information. Such information is provided directly to the seller by the purchaser with no interaction by or through Us. Depending on Your payment option selection, certain third parties may have access to such information (i.e., PayPal, Inc.) |
GDPR: Contract; CPRA: Business purpose |
|
Registration for NearMint |
Email address, name, address, username |
Inventory management service |
GDPR: Contract; CPRA: Business purpose |
|
Marketing Emails |
Email address |
You must sign up (opt in) to receive marketing-related emails. If You have previously consented to receive newsletters or other commercial emails, then You may opt out in Your notification preferences or from within the email messages themselves. |
GDPR: Consent; CPRA: Business purpose, Commercial purpose |
|
Registration to receive Media Kit |
Name, company name, title and email address |
Providing You a copy of the media kit. We collect Your information so that We can communicate with You about potential advertising opportunities. |
GDPR: Consent; CPRA: Business purpose |
|
User Support |
Email address, username (if registered) and other information You provide for the purpose of responding to Your question or concern, including information submitted to Us to make a valid copyright claim, such as name and contact information. |
Reviewing Your questions/concerns and responding to You. We ask that You do not submit any information to Us that is not absolutely necessary for Us to assist You. |
GDPR: Contract, Legal Obligation; CPRA: Business purpose |
|
Error Reporting |
Username, email address, IP address, device information |
Reviewing errors or issues with the Service reported by you directly |
GDPR: Contract; CPRA: Business purpose |
|
Recruitment |
Name and email address, may also include postal address and professional and education history if provided by applicant |
To consider Your employment with Us |
GDPR: Contract; CPRA: Business purpose
|
|
Surveys and Research |
May include username, email address, IP address, device information, some of which is optional dependent on the survey type |
Service improvements (surveys are always optional and subject to consent) |
GDPR: Consent; CPRA: Business purpose, Commercial purpose
|
Cookies : We may use cookies and other technology to keep track of Your online interaction with Our site. Please see the Cookie and Internet Advertising Policy for more information about Your cookie options. We do not participate in any automated decision making, such as profiling (other than for cookie-based targeted marketing), with regards to the Service and Your personal information.
Information Sharing And Disclosure
We share personal information with service providers (processors) that act as an agent to perform tasks on Our behalf and under Our instructions. Examples include providers that assist with payment processing (i.e., PayPal), shipping (i.e., USPS), or providers that We contract with to send emails on Our behalf (i.e., HubSpot). This information is limited only to the information needed to perform the tasks. If certain cookies are enabled on Your device, then We may also share cookie-related information with related service providers, such as analytics and advertising providers or social media companies. Additional information about the service providers/processors We use to support delivery of Our Service is set forth on our Processors List. All service providers/processors are subject to Our ongoing due diligence reviews for compliance with privacy and data protection requirements, as well as contractual terms. For additional information about service provider (processor) and third party privacy practices, please review those partes’ privacy policies and notices.
We will provide You with notice and obtain Your consent, where applicable, in the event We intend to share Your information with a third party (other than as described above) or for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by You. Prior to sharing such information, You will be provided with clear, conspicuous, and readily available mechanisms to opt in or out of such sharing, as required by applicable laws and regulations. Except as described in this Policy, We do not otherwise share Your information with any third parties without Your consent or other legitimate basis. We do not provide or sell email addresses or collection/wantlist information to any third party without Your consent. Registered users can control the public availability of their collection/wantlist information in the account settings. Please see “Notification and Other Privacy Preferences” below for additional information on limiting the sharing of Your information.
Affiliates : We may share information within our network of affiliated companies, including Zink Media, LLC, Discogs B.V., and Discogs G.K., in order to provide the Service. Each of Our affiliated companies is subject to the terms of this Policy and follow the same privacy practices. All sharing among affiliates is subject to appropriate documentation and risk assessments.
Cookies : We may share information with advertising companies to serve You targeted advertisements, analytics providers, or social media providers. This sharing is considered a “sale” or "sharing" under the California Privacy Rights Act. Targeted advertisements are considered “sale” under the Virginia Consumer Data Protection Act. You must be 16 years of age or older, depending on your jurisdiction’s minimum age requirements, to use the Service. As a result, We do not sell personal information of consumers under 16 years of age. The information is sourced from cookies/tags placed on Your device. The categories of information shared include:
- Geolocation Information: Non-precise geolocation data based on Your IP address or other analytics tools.
- Inferred Information: Inferences drawn from your online activities reflecting Your preferences, behavior, and interests.
Depending on your location, you may need to opt in/consent to the placement of these and other cookies or you may have the option to opt out of these and other cookies. Please see the Cookie and Internet Advertising Policy for additional information about controlling cookies.
In addition to the above cookie-related actions, California consumers may select the “Do Not Sell or Share My Personal Information” link, which has been included on Our properties as a component of California Privacy Rights Act compliance to block targeted advertising, analytics, and social media cookies upon Your request. See “California Disclosures” below for additional information. Further, Virginia consumers may select the “Do Not Sell My Personal Information” link, which has been included on Our properties as a component of Virginia Consumer Data Protection Act compliance to block targeted advertising upon Your request. See “Virginia Disclosures” below for additional information.
Other Sharing: We may share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Our Terms of Service, or as otherwise required by law enforcement or national security requirements. We may also disclose information when requested to comply with a court order, regulatory investigation, or governmental request.
Sensitive/Protected Information: We do not currently collect or process sensitive, special, or protected information except in the employment context. In the event We decide to collect sensitive, special, or protected categories of information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying the sex life of the individual, genetic data, or biometric data for the purpose of uniquely identifying a natural person) from users or business partners, We will first obtain affirmative and explicit express consent (opt in) from You (Article 9[2][a] GDPR) if We intend such information to be collected, processed or disclosed to a third party. In addition to consent, we perform risk assessments on any processing involving sensitive data. In the event that the legal basis for collection or processing (Article 9[2] GDPR) has changed, we will inform you of the change prior to collection or processing.
Nevada, United States, Residents: We do not sell Your personal information for monetary consideration as set forth in Nevada Senate Bill 220. If We change this practice in the future, We will obtain affirmative express consent (opt in) from You before taking any such action. You can write to Us at Our Help Center to add Your email address to a “do not sell” list. Please note that You are responsible for updating Us in the event that You need to change Your email address on file.
Mobile Devices: You may choose not to provide information related to Your mobile devices. Information on disabling device location permissions can generally be found in Your device settings or by contacting Your carrier or device manufacturer.
Opt-out Preference Signals: You may opt out of online tracking technologies by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). This opt out method is honored for the specific device You are using that includes the opt-out preference signal. To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If You choose to use the GPC signal, You will need to turn it on for each device and supported browser or browser extension you use.
Retention And Storage
We retain Your personal information only as long as it is reasonably necessary to provide You the Service and as required by applicable laws and regulations. If You register for an account, but do not activate Your account in the following 14 days, then We will automatically delete Your registration information. If You otherwise use Our Service via Your account without activation in the following 14 days, then We will retain Your registration information.
We may keep the minimal necessary personal information about You after You have deactivated Your account for the period of time needed for Us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce Our agreements.
Information submitted to or obtained via Our Service is maintained on secure servers and cloud platforms in the United States. We work with third parties to deliver the Service, most of which are also located within the United States. Please see our Processors List for details about the third parties that help us deliver the Service to you.
Safeguarding Your Information
The security of your Data is of utmost importance to us. Therefore, We have implemented the following technical and organizational measures to ensure the required level of security to protect Your Personal Data:
Physical Security:
- We use secure facilities by preventing unauthorized persons from access to personal information, and ensuring that off-site data centers and server facilities adhere to similar appropriate controls.
- Our off-site data centers and servers are locked with Radio Frequency ID badges.
Data and Network Security:
- Our internal teams ensure We follow industry best practices for monitoring and maintaining data center firewalls and authentication via hashed and salted passwords.
- We ensure personal information is accessible and manageable only by properly authorized staff, including restricted catalogue query and application access, need-to-know access restrictions, and restrictions on the personal information that can be read, copied, modified and/or removed.
- We use encryption of data residing on offsite backup tapes and data residing on servers at drive level.
- We use encrypted data transfer over SSL and other controls to ensure that personal information cannot be read, copied, modified or removed without authorization during external electronic transmission or transport.
- We maintain full disk encryption of all employee issued laptops.
- We encrypt all data before disposal and/or deletion.
- We vet vendors that process Your data on an ongoing basis for compliance with applicable laws and regulations.
- We use logical separation to ensure that personal information is only processed per the terms of this Privacy Policy and the privacy settings selected by You.
- We utilize input controls to ensure that any personal information is provided and edited by You or by Us at Your direction.
Vulnerability Management:
- Our servers are patched regularly, and critical vulnerabilities are patched as soon as possible.
- We routinely engage third parties to run penetration tests against our system.
Data Backup and Recovery:
- We maintain appropriate contingency plans and data backups in the event of a data loss.
- Data backups are taken on a regular basis, and are secured and encrypted.
- Our backup systems are designed to backup site data regularly.
- We maintain emergency and contingency plans for various systems.
- Our data centers have committed to maintaining SSAE 18 SOC 1 and SSAE SOC2 certifications, which We review on an ongoing basis.
Data Resilience:
- Your data is stored on servers located in the United States.
- We utilize a worldwide CDN of 20+ edge data centers. These data centers provide routing as well as data caching, which helps Us reduce latency and improve the performance of Our network.
Compliance Certifications:
- We are certified under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce.
Data Breach Notification:
- Upon awareness and/or discovery of a breach involving Your data, We will contact appropriate regulators, and if deemed appropriate, will notify you directly.
Despite Our efforts, no security measure can be absolute, and there can be no guarantee that Your personal information will not be accessed through malicious means, inadvertent disclosure, or mistake.
Transfer Of Personal Information
Privacy and data protection laws and regulations and their associated transfer requirements vary by location (state, country and region). We strive to comply with transfers of personal information under these laws and regulations by ensuring transfer is made under an appropriate legal basis. We only transfer personal information to those parties that act as service providers or processors with respect to the Service We provide to You, with your consent, or under a legitimate interest or business, or commercial purpose, as described in this Policy. We may also transfer personal information if required to do so by other applicable laws and regulations, including those related to criminal or civil matters.
Our technical infrastructure is located in the United States. If you choose to use the Service, you agree to Our Terms of Service which states that Your personal information will be hosted within Our United States infrastructure and Your personal information is required to be transferred to the United States as a result. We work with third parties to deliver the Service, most of which are also located within the United States. We conduct risk assessments and require additional contractual requirements where the third parties we work with are located outside of the United States. Please see our Processors List for details about the third parties that help us deliver the Service to you and the locations of those parties.
To the extent that We transfer Your personal information outside of Your country of residence, We rely on the following types of mechanisms to ensure the security of that information:
- Data Processing Agreements
- Model Clauses (i.e., EU standard contractual clauses and jurisdictional amendments), found here.
- EU Adequacy Decisions, found here.
- Risk Assessments (i.e., data transfer risk assessments, processing activity risk assessments)
- Ongoing monitoring of recipient country’s personal information protection systems
In the event that We go through a business transfer such as a consolidation, merger, restructuring, acquisition, or sale of part or all of Our assets, We will obtain Your consent to the transfer of Your information as permitted by law and to the continued use of Your information by the recipient following the transfer so long as they comply with this Policy.
Personally-Identifiable Information Submitted By Children
The Service is not intended for use by children under 16 years of age in the United States. Please consult local laws for age restrictions in additional jurisdictions. IF YOU ARE UNDER THE MINIMUM AGE FOR YOUR JURISDICTION, DO NOT USE OR ACCESS THE PROVIDER SERVICES AT ANY TIME OR IN ANY MANNER. If We determine that personally-identifiable information of children under the minimum age has been collected, We will remove the information from the Service. If You are a parent or guardian and learn that a child under the minimum age has created an account, You may contact Us and request that the information be removed from the Service at privacy [at] discogs [dot] com.
California Disclosure
We do not collect or process “Sensitive Personal Information” as defined in Section 1798.40 of the California Privacy Rights Act of 2020.
Right to Know About Personal Information Collected
Please refer to the “Information Collected” and “Information Sharing and Disclosure” sections above.
Do Not Sell or Share My Personal Information/Notice of Right to Opt-Out of Sale or Sharing of Personal Information
We allow targeting, performance, and social media cookies to be placed on Our sites by third parties for other valuable consideration for the purpose of targeted advertising by programmatic advertisers, analytics for Service performance reviews and improvements, and social media interactions, respectively. These third parties use information from cookies, such as Your geolocation and browsing behavior to serve You personalized advertisements. We do not otherwise “sell” or "share" (as defined by the California Privacy Rights Act) any personal information. We only share Your personal information with others for the limited purpose of providing the Service to you. If You are a California site visitor or user, then You must select the “Do Not Sell or Share My Personal Information” link available on the Service to block (opt out of) all targeting, performance, and social media cookies from Our Service on Your device. Opting out via the link will place a strictly necessary cookie on Your device to identify You in future interactions with Our Service so that targeting, performance, and social media cookies are not placed during those subsequent interactions. Since this action must be performed by a person using Your device, We do not conduct any identity verification with respect to Your exercise of this right. We also honor opt-out preference signals as discussed above under “Opt-out Preference Signals.” You may contact Us at privacy [at] discogs [dot] com for additional information about Your opt out rights. Please see the Cookie and Internet Advertising Policy for additional information about cookies on or related to Our Service and steps You can take with respect to those cookies.
Right to Know, Right to Correct, and Right to Delete
You may submit a request for the categories and specific information that We have collected about you, request correction of Your information, or request that We delete any personal information about You that We have collected, subject to certain exceptions. Refer to your Personal Information Rights section below for information on submitting requests regarding your rights.
Information Submitted by Minors under 18 in California
If You are a minor under the age of 18 residing in the State of California, United States, You have additional rights under California law. You may request removal of any information or content You posted while under the age of 18. We cannot ensure that removal of information You provided to the Service will be complete or comprehensive (i.e., information posted to public groups and forums that may be accessed by non-users) but it will be complete and comprehensive on Our part (i.e., user account information). In addition, if at any time You delete Your account, We will remove Your information from the Service. Deletion and removal of information is subject to exceptions to maintain certain information as described in the “Retention and Storage” section of this Policy.
Your California Privacy Rights (Shine the Light Law)
We do not share personal information as defined by California Civil Code Section 1798.83 (“Shine The Light law”) with third parties for their direct marketing purposes absent Your consent. If You are a California resident, You may request information about Our compliance with the Shine the Light law by contacting Us by email to privacy [at] discogs [dot] com or by sending a letter to Zink Media, LLC (d/b/a Discogs), 4145 SW Watson Avenue, Suite 350, Beaverton, Oregon, USA 97005. Any such request must include "California Privacy Rights Request" in the first line of the description and include Your name, street address, city, state, and ZIP code. Please note that We are only required to respond to one request per user each year, and We are not required to respond to requests made by means other than through this email address or mail address.
Virginia Disclosures
Right to Know Categories of Personal Data Processed by Us
You may submit a request for the categories that We have processed about you, subject to certain exceptions. Refer to the “Your Personal Information Rights to Access, Alter, or Erase Your Personal Information” section below for information on submitting requests regarding your rights pursuant to Your Right to Know under the Virginia Consumer Data Protection Act.
Right to Know the Purpose of Processing
Please refer to the “Information Collected” and “Information Sharing and DIsclosure” sections above regarding Your right to know purposes of processing.
Right to Know Categories of Personal Data Shared with Third Parties and the Categories of Third Parties
Please see Our Processors List for details about the third parties that help Us deliver the Service to You.
Do Not Sell My Personal Information/Notice of Right to Opt-Out of Sale of Personal Information
We allow cookies to be placed on Our sites by third parties for monetary consideration for the purpose of targeted advertising by programmatic advertisers. These third parties use information from cookies, such as Your geolocation and browsing behavior to serve You personalized advertisements. We do not otherwise “sell” (as defined by the Virginia Consumer Data Protection Act) any personal information. We only share Your personal information with others for the limited purpose of providing the Service to you. If You are a Virginia site visitor or user, then You must select the “Do Not Sell My Personal Information” link available on the Service to block (opt out of) targeted advertising cookies from Our Service on Your device. Opting out via the link will place a strictly necessary cookie on Your device to identify You in future interactions with Our Service so that targeted advertising cookies are not placed during those subsequent interactions. Since this action must be performed by a person using Your device, We do not conduct any identity verification with respect to Your exercise of this right. We also honor opt-out preference signals as discussed above under “Opt-out Preference Signals.” You may contact Us at privacy [at] discogs [dot] com for additional information about Your opt out rights. Please see the Cookie and Internet Advertising Policy for additional information about cookies on or related to Our Service and steps You can take with respect to those cookies.
How to Exercise Your Rights and Appeal
Please refer to “Your Personal Information Rights” on how to exercise Your Rights and how to appeal.
Notification And Other Privacy Preferences
We do not send spam and do not permit spam on or through Our Service. We comply with the CAN-SPAM Act of 2003 (US) and applicable international anti-spam regulations. Portions of Our Service include account registration or opt in to receive emails. You may opt out of those portions at any time. Information about privacy and notification preferences within the Service, including opt in and opt out settings, can be found in Our How To Adjust Account, Notification & Other Privacy Preferences help document.
Public Groups & Forums
Information You post to the public areas of the Service (groups / forums / searchable catalog) is not private, and is not protected under this Policy. Please exercise caution when disclosing Your information in these areas. You acknowledge that Other Users and the public, in general, not covered by this Policy will have access to Your public postings and We cannot be responsible for any subsequent use of personal information contained in Your public postings.
Analytics & Display Advertising, Cookies
We use cookies to provide the Service for functional reasons (such as personalisation), to measure performance (analytics), and for targeting online advertisements. Depending on Your location, You may have the ability to control certain cookie settings available on the Service. Our Service will respect browser settings as “do not track,” “private,” "opt-out preference signals" (as discussed above), or the like from supported browsers. Not allowing cookies may affect certain functionality of the Service. See Our Cookie and Internet Advertising Policy for more information about how cookies are used with the Service.
Your Personal Information Rights
Identity Verification and Authorized Agents
If You submit a request to exercise Your rights under any privacy or data protection law and regulation, We will need to verify your identity prior to complying with Your request. We verify requests by confirming the email address that sent the request is attached to a registered account on Our system. Erasure/Deletion requests include a second verification from the user sending the request. If You do not have an account with Us the only data We collect and process is (i) made available via cookies as allowed by law or regulation, which You can manage via Your “Cookie Settings” or “Manage Preferences” link on the Service in applicable jurisdictions, or (ii) any email address and country (as applicable) that You provide when signing up for Our email subscriptions and you may unsubscribe via the email links at any time.
Your authorized agent may be able to make a request to exercise Your rights on Your behalf. Please contact Us at privacy [at] discogs [dot] com to do so.
Consent
Where You have provided Your consent to any part of the Service, You may withdraw that consent at any time. To withdraw Your consent to Our policies in their entirety, you must cease using the Service. You may also withdraw Your consent to certain processing activities within the Service within Your account settings. Finally, You may withdraw Your consent to marketing-related email using the “unsubscribe” button found in those emails and, in some cases, within Your account settings.
Automated Decision Making
We do not participate in any automated decision making. All activities within the Service undergo human review.
Access
You have a right to access Your personal information that We collect/process/store or personal information that We “sell” or "share" (as those terms are defined by various laws). Personal Data We “sell” or "share" (as defined by the California Privacy Rights Act) is limited to information generated by cookies and tags related to targeted advertising, analytics and social media. See Our Cookie and Internet Advertising Policy for more information. We do not otherwise “sell” Your Personal Data.
Other than Your IP address, geolocation, SSID, device information and operating system (collected when you access the Service), information collected via cookies (with your consent, as applicable), and information that You provide to Us in Your support requests, all personal information We collect from registered users can be found in Your user profile by reviewing:
- Discogs.com accounts: Your User Profile Settings and the additional settings noted in the menu on the left side of the page (i.e., Notification, Privacy, Buyer, Seller, etc.).
- Nearmint.io accounts: Your Account page.
- Other accounts: Your vinylhub.discogs.com Profile settings.
In addition,
- We offer email subscription services available to both registered and non-registered users that collect only an email address provided directly by the user.
- For those jurisdictions where We provide a cookie banner, cookie settings specific to Your device can be viewed via the “Cookie Settings” or “Manage Preferences” links located on Our Service.
Additional information about privacy and notification preferences within the Service, including opt in and opt out settings, can be found in Our How To Adjust Account, Notification & Other Privacy Preferences help document.
Personal information We “sell” or "share" (as defined by the California Privacy Rights Act) is limited to information generated by cookies and tags related to targeted advertising, analytics and social media. See Our Cookie and Internet Advertising Policy for more information. We do not otherwise “sell” Your personal information.
You may also access Your personal information and how it is used and shared by completing the Request Access of Data form in Our Help Center. We will comply with Your request within 30 days, unless a shorter time period is required by local laws and regulations, and if permitted by law. Additional questions may be submitted to privacy [at] discogs [dot] com.
Rectification, Restriction, and Objection
We want to make sure that Your personal information is accurate and up to date. Information within the Services is limited to that information that You have provided directly. If You would like to rectify personal information that You have previously provided to Us and are unable to do so using the How To Adjust Account, Notification & Other Privacy Preferences instructions, then please contact Us through Our Help Center. In Your request, please make clear what information You would like to have changed, whether You would like to have Your personal information suppressed from Our catalog or otherwise let Us know what limitations You would like to put on Our use of Your personal information that You have provided to Us. Some portions of Our Service may no longer be available if You request that We restrict processing or if You object to the processing of certain information.
If You would like to restrict or object to the processing of personal information that You have previously allowed by Us and are unable to do so using the How To Adjust Account, Notification & Other Privacy Preferences instructions, then please contact Us through Our Help Center. In Your request, please make clear what information You would like to restrict or object, or otherwise let Us know what limitations You would like to put on Our use of Your personal information that You have provided to Us. Some portions of Our Service may no longer be available if You object or request that We restrict processing of certain information.
If You would like to object to the processing of personal information that You have previously allowed by Us and are unable to do so using the How To Adjust Account, Notification & Other Privacy Preferences instructions, then please contact Us through Our Help Center. In Your request, please make clear what processing You would like to object or otherwise let Us know what limitations You would like to put on Our use of Your personal information that You have provided to Us. Some portions of Our Service may no longer be available if You object to the processing of certain information.
In all cases, We will comply with Your request within 30 days, unless a shorter time period is required by local laws and regulations, and if permitted by law. In the event that this time period needs to be extended, we will comply with applicable laws or regulations when it comes to notifying You of such an extension and reason for the extension. Additional questions may be submitted to privacy [at] discogs [dot] com.
Erasure/Deletion
You have a right to obtain erasure or deletion of the personal information You have provided to Us related to Your use of the Service. Exercising this right will result in closure of any account You have opened and removal of any items You have listed in your collection, wantlist or for sale in the Marketplace. In addition, exercising this right will impact certain functionality of the Service available to You online. If You request erasure or deletion, pursuant to the Terms of Service, (i) Your user-generated content contributions will be anonymized by having the user name replaced by a generic term (i.e., "previous user1234" or simply "anonymous1234"), and (ii) We are entitled to continue using this anonymized user-generated content. We cannot guarantee that Your username as associated with any information You posted in public forums and discussions will be fully erased as Other Users have access to those portions of Our Service and may have used or republished such information, including Your username, subject to Our Terms of Service, prior to the time of Your request. We will comply with Your request within 30 days, unless a shorter time period is required by local laws and regulations, and if permitted by law or as set forth below. We may need to maintain certain information for additional days in order to carry out Our contractual obligations to You. For example, We provide support for transaction disputes for 90 days following the date of transaction. In addition, We may maintain minimal personal information on You for a reasonable period of time if You have violated the Terms of Service resulting in an account suspension or ban in order to protect other users or pursuant to any regulatory or legal exceptions allowing Us to maintain the information. You may submit a request for erasure or deletion by completing the Request Erasure of Data form in Our Help Center. Additional questions may be submitted to privacy [at] discogs [dot] com.
Human Interference
Under various data protection regulations, You have a right to not be subjected to a decision that produces legal or significant effects on You, and is based solely on automated processing, including profiling. This means that You have a right to human interference in processing activities. Outside of cookie-based targeted marketing, We do not conduct any processing activities where Your data is processed based solely on automated decision-making (including profiling). If We consider using automated decision-making for additional processing activities in the future, this Policy will be updated and We will provide additional notification to You when required.
Portability
You have a right to receive the personal information concerning You, which You have provided to Us, in a structured, commonly used and machine-readable format and You have the right to transmit those data points to another controller where Our processing is based on Your consent or any contract You have with Us and the processing is carried out by automated means. You may submit a request for portability by completing the Request Portability of Data form in Our Help Center. Additional questions may be submitted to privacy [at] discogs [dot] com.
Appeal
If We are unable to fulfill Your request, You may formally appeal the action by contacting Us at privacy [at] discogs [dot] com. We will respond to Your appeal within required time frames outlined by the privacy and data protection laws of Your jurisdiction.
Non-Discrimination Policy
We do not discriminate against users of Our Service, whether You use the Service without incident or choose to exercise Your rights under any applicable laws or regulations.
Complaints
If You believe that Your privacy rights have been breached or that Your personal information has been compromised as a result of using Our Service, please contact Us via the Help Center or at privacy [at] discogs [dot] com. We may ask for additional information to confirm Your identity prior to assisting with Your complaint. We will respond to Your complaint within 30 days of receipt, unless a shorter time period is required by local laws and regulations, if permitted by law and may request additional information from You to complete Our investigation. You may also contact us as follows:
- Our global Data Protection Officer in the EU (HewardMills) can be contacted by email at dpo [at] discogs [dot] com, by mail to 77 Farringdon Rd, London ECIM 3JU, United Kingdom, or by phone to +44 20 4540 5853.
- Our Data Protection Representative in the UK (DPO Consultancy Limited) can be contacted at ukdpr [at] discogs [dot] com.
If You are a resident of the EU or EEA and feel that Your privacy has been infringed by Our Service or practices, You have the right to lodge a complaint directly with a supervisory authority in Your member state of residence, place of work or place of the alleged infringement. The name and contact details of the Data Protection Authorities in the European Union can be found here. Our lead supervisory authority is Autoriteit Persoonsgegevens (The Netherlands).
If You are a resident of the UK and feel that Your privacy has been infringed by Our Service or practices, You have the right to lodge a complaint directly with the UK Information Commissioner’s Office (ICO).
For complaints about content users or We have added to Our Service or items listed for sale through the marketplace that relate to the Digital Millennium Copyright Act or other copyright laws and regulations, please review the How Do I Report Copyright Infringement information documentation.
Dispute Resolution
In the event that We are unable to resolve any complaint or dispute that You bring to Our attention, You may contact an independent dispute resolution body free of charge. We have chosen JAMS as Our independent recourse mechanism. You can file a claim with JAMS at the following website: https://www.jamsadr.com/eu-us-privacy-shield. In some cases, You may be able to invoke binding arbitration.
General
We may amend this Policy at any time by posting the amended terms on this site and notifying You of material changes to the Policy along with an opportunity to opt in to changes that require Your consent by law or regulation or to opt out of any changes that decrease Your rights under this Policy. All non-material changes to Our terms are effective on the effective date of the Policy. We encourage You to review this Policy from time to time. By continuing to use the Service after non-material changes are effective, or after being notified of a material change, You will be deemed to have accepted the changes.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission in connection with Our Privacy Shield compliance.
Contact Us
- You can contact Us about this Policy and Our practices via Our Help Center or at privacy [at] discogs [dot] com.
- Our global Data Protection Officer (HewardMills) can be contacted by email at dpo [at] discogs [dot] com, by mail to 77 Farringdon Rd, London ECIM 3JU, United Kingdom, or by phone to +44 20 4540 5853.
- Our Data Protection Representative in the UK (DPO Consultancy Limited) can be contacted at ukdpr [at] discogs [dot] com.