Effective Date: October 19, 2018
We comply with the the General Data Protection Regulation. Additional information about Our Data Protection Officer, information We collect, the purpose of collection and Your rights are provided in detail within this Policy.
We comply with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. We have certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Our certification, please visit https://www.privacyshield.gov/. See below for additional information on the types of information We collect, how We use it and to whom and when it is disclosed. We are liable for privacy violations committed by third parties to which it provides Your information as limited by Our contractual agreements with those third parties. All Personal Information received from the EU and Switzerland will be subject to the Privacy Shield. If You have a privacy-related complaint, please complete Our Privacy Complaint Form. Additional forms related to Your rights to access, erasure and portability can be found in Our support center. You can also submit general privacy-related complaints or questions through the support center.
Personal Information provided to Us in connection with the Services or otherwise is controlled and processed by Zink Media, LLC (d/b/a Discogs), PMB #323, 6663 SW Beaverton-Hillsdale Highway, Portland, Oregon, USA 97225-1403, firstname.lastname@example.org. Our EU representative is Discogs B.V., located at Korte Leidsedwarsstraat 12, 1017 RC Amsterdam, the Netherlands, email@example.com.
Data Protection Officer
Our Data Protection Officer is Saskia Wenge. Our Data Protection Officer can be contacted at s.wenge [at] dpoconsultancy [dot] nl.
Collection of Personal Information
- If You register to use the Services, We collect: Your username, email address, geolocation and IP address.
- If You register to sell items using the Services, Discogs and Discogs Exclusives collect certain additional Personal Information: Your address and PayPal Account Name to allow You to engage in transactions and make use of the Services. If You use Our Shipping Labels Services, then We will also collect Your address.
- If You elect the Discogs Payments Service, then You will need to provide additional information depending on whether You are a business or individual, which may include: name, date of birth, email address, phone number, company name, tax identification number, bank account information, government issued photo identification, and bank statement. We also collect Your username, account creation date, IP address and email address for fraud review related to this Service.
- When You purchase items using the Services, Discogs and Discogs Exclusives collect certain additional Personal Information: Your address. We do not collect or store any purchaser payment information, such as credit card information. Such information is provided directly to the seller by the purchaser with no interaction by or through Us. Depending on Your payment option selection, certain third parties may have access to such information (i.e., PayPal, Inc. or Adyen B.V.)
- If you register for Cratediggers.com, we collect your email address and country in order to provide you with relevant information about upcoming, local events.
- If You send Us an email with a question or support issue, We collect: Your email address and other information You provide for the purpose of responding to Your question.
- We keep Your Personal Information as long as necessary to provide the Services to You and as required by applicable laws and regulations.
- If You decline to provide Us with any Personal Information as described above, certain features of the Services may be unavailable to You, such as selling or buying through the Marketplace. Discogs Exclusives utilizes a guest checkout process and can be accessed without a user account.
- We Ourselves generally do not collect Personal Information about You from any source other than You. However, We may receive information about Your location and Your device from Your carrier when You use the Services online or download Our app.
Information We Store When You Access the Services
- We retain Your Personal Information only as long as needed to provide You the Services. Except as otherwise provided by this Policy, or when deleted or destroyed at Your request, We typically maintain data and communications for a period of two years as is common in the industry. We may keep the minimal necessary data on You after You have deactivated Your account for the period of time needed for Us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce Our agreements. For example, We maintain transaction data for seven (7) years for financial reporting and certain personal data on banned accounts for up to ten (10) years to assist with fraud and abuse prevention.
We use the Personal Information We collect to:
- Provide the requested Services, such as contributing information to the database or allowing for the purchase or sale of items through the site.
- Personalize the Services for You and to communicate with You.
- Send You emails from Discogs.com and its affiliated websites (including, but not limited to, Gearogs.com, Filmo.gs, Bookogs.com, Comicogs.com, Posterogs.com, Vinylhub.com, Exclusives.Discogs.com, and Cratediggers.com) which may include newsletters, relationship and transactional messages, and marketing promotions. If You have previously consented to receive newsletters or other commercial emails, then You may opt out in Your notification preferences or from within the email messages themselves.
- We do not participate in any automated decision making, such as profiling, with regards to the Services and Your Personal Information.
- We share information with third parties (processors) that act as an agent to perform tasks on Our behalf and under Our instructions. Examples include third parties that assist with payment processing (i.e., PayPal), shipping (i.e., USPS), or third parties that we contract with to send emails on Our behalf (i.e., MailChimp).
Please note that if You process payments through Discogs Payments, in the U.S., You will be contracting for this service directly with Zink Media, LLC (d/b/a Discogs), and in the EU, You will be contracting for this service directly with Discogs B.V. sending emails on Our behalf, and fulfilling orders for merchandise purchased directly from Us (i.e., Discogs paraphernalia). In both cases, the payment processor working on Our behalf is Adyen B.V. This information is limited only to the information needed to perform the tasks.
Additional information about the processors We use to support delivery of Our Services is set forth at Discogs Processors.
- We may share information with domestic and foreign affiliates controlled by Us, including Meta Zink Corporation, Discogs B.V., Discogs G.K., and Crate Diggers LLC. Our affiliates are subject to the terms of this Policy and follow the same privacy practices as Us. We are the primary Data Controller for Personal Information collected and processed through Our and Our affiliates’ sites and services. All sharing is subject to the Privacy Shield frameworks noted above.
- We may share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Our terms of service, or as otherwise required by law enforcement or national security requirements. We may also disclose information when requested to comply with a court order, investigation, or governmental request.
- We do not otherwise share Your information with any third parties.
- We do not provide or sell email addresses or collection/wantlist data to any third party without Your consent.
- We do not provide or sell Your Personal Information or any other information You have provided to Us to any third party for direct marketing or advertising purposes without Your consent.
Limiting the Use and Disclosure of Your Personal Information
We will provide You with notice in the event We intend to share Your information with a third party (other than as described above) or for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by You. Prior to sharing such information, You will be provided with clear, conspicuous, and readily available mechanisms to opt in to such sharing, as required by applicable laws and regulations.
In the event We decide to collect sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), We will first obtain affirmative express consent (opt in) from You if We intend such information to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by You through the exercise of an opt-in choice.
You may choose not to allow cookies. Information on cookie settings can generally be found through the help feature of Your browser. If You block or otherwise disable Our cookies, certain Services may not be available. Please see the Cookie and Internet Advertising Policy for additional information.
You may choose not to provide information related to Your mobile devices. Information on disabling device location permissions can generally be found in Your device settings or by contacting Your carrier or device manufacturer.
If You withdraw Your consent to this Policy (by closing Your account, if any), then You may not have access to certain Services, including the benefits of membership, buying and selling options. In certain cases, We may continue to process Your Personal Information, but only if We have a legal basis to do so.
We use the following security measures and technologies to protect Your data:
- Physical access controls, including secured premises to prevent unauthorized persons from gaining access to Personal Information, and ensuring that off-site data centers and server facilities adhere to similar appropriate controls;
- System access controls to prevent unauthorized access and use of Personal Information, which vary based on the nature of information processing, but may include: industry standard firewalls, authentication via hashed and salted passwords;
- Data access controls to ensure Personal Information is accessible and manageable only by properly authorized staff, including restricted database query and application access, need-to-know access restrictions, and restrictions on the Personal Information that can be read, copied, modified and/or removed;
- Transmission controls, including encrypted data transfer over SSL and other controls to ensure that Personal Information cannot be read, copied, modified or removed without authorization during electronic transmission or transport;
- Input controls to ensure that any Personal Information is provided and edited by You or by Us at Your direction;
- Data backups are taken on a regular bases, and are secured and encrypted;
- Despite Our efforts, no security measure can be absolute, and there can be no guarantee that Your Personal Information will not be accessed through malicious means, inadvertent disclosure, or mistake. If We are the source of a breach, We will contact You and describe the breach, along with Our mitigation actions. Where applicable, We will provide appropriate identity theft prevention and mitigation services at no cost to the affected person for not less than 12 months.
Personally-Identifiable Information Submitted by Children
The Services are not intended for use by children under 13 years of age in the United States. Please consult local laws for age restrictions in additional jurisdictions. IF YOU ARE UNDER THE MINIMUM AGE FOR YOUR JURISDICTION, DO NOT USE OR ACCESS THE PROVIDER SERVICES AT ANY TIME OR IN ANY MANNER. If We determine that personally-identifiable information of children under the minimum age has been collected, We will remove the information from the Services. If You are a parent or guardian and learn that Your child under the minimum age has created an account, You may contact Us and request that the information be removed from the Services at firstname.lastname@example.org.
Information Submitted by Minors under 18 in California
If You are a minor under the age of 18 residing in the State of California, United States, You have additional rights under California law. You may request removal of any information or content You posted while under the age of 18. We cannot ensure that removal of information You provided to the Service will be complete or comprehensive (i.e., information posted to public groups and forums that may be accessed by non-users) but it will be complete and comprehensive on Our part (i.e., user account information). In addition, if at any time You delete Your account, We can guarantee complete removal of Your information from the Service.
Notification and other Privacy Preferences
We don’t send spam and do not permit spam on Our sites. We comply with the CAN-SPAM Act of 2003 (US) and applicable international anti-spam regulations.
The settings pages for Your account allow You to manage the following information related to Your account:
- Notification Settings: Choose how We communicate with You, including email messaging preferences.
- User Profile Settings: Change Your personal information displayed in Your profile, including adding, rectifying, or removing incorrect data about You, and updating Your username and password.
- Privacy Settings: Set privacy preferences for Your collection and wantlist, contact by other users and blocking users.
- Additional settings controls are available in the menu for Collection, Applications, Developers, Buyer, Seller, and Labs.
You have the right to withdraw consent for various Services and related activities at any time and may do so by updating the settings noted above. You may also withdraw consent for marketing emails by selecting the “Unsubscribe From Emails” button at the bottom of the Notification Settings page or unsubscribing from within the emails themselves.
If You sign up for a Cratediggers.com account, You are signing up to receive emails related to events and other industry information. In order to cease receiving emails and close Your Cratediggers.com account, You can unsubscribe via the link found at the bottom of the emails.
Gearogs.com, Filmo.gs, Bookogs.com, Comicogs.com, Posterogs.com and VinylHub.com accounts:
The Settings page for Your account allows You to manage the following information related to Your account:
- You can decide if You want others to browse and view your lists: Visited, Want to Visit, Collection, Wantlist or Following;
- You can control email notifications related to your lists (Wantlist, Following), forum threads and submissions You’ve contributed to;
- You can control your newsletter subscription settings.
You have the right to withdraw consent for various Services and related activities at any time and may do so by updating the settings noted above. You may also withdraw consent for marketing emails by unsubscribing from within the emails themselves.
We do not currently provide an account registration process for Discogs Exclusives. Buyers using this site will provide information through a guest checkout to conduct transactions. Sellers work directly with Our staff regarding inventory. All communications will relate directly to transactions entered into by the parties. You may contact Us directly regarding Your information related to Your use of this site via Our support center.
Public Groups & Forums
Information You post to the public areas of the Services (groups / forums / searchable database) is not private, and is not protected under this Policy. Please exercise caution when disclosing Your information in these areas. You acknowledge that others not covered by this Policy will have access to Your public postings and We cannot be responsible for any subsequent use of data contained in Your public postings.
Analytics & Display Advertising, Cookies
- We and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on someone's past visits to Our website. See Our Cookie and Internet Advertising Policy for more information.
- The Google Analytics features We have implemented are based on Displayed Advertising (e.g., Remarketing). We use Remarketing with Google Analytics and Hivewyre to advertise online. You can review and customize Google Display Network ads using the Ads Settings on Google.
- Third-party vendors, including Google, show Our ads on sites across the Internet.
- Our Services will respect such browser settings as “do not track,” “private,” or the like from supported browsers. Opting out of receiving cookies or persisting cookies may affect certain functionality of the Services.
Your Right to Access, Alter, or Erase Your Personal Information
You have a right to access Your Personal Information. All data We collect from You can be found in Your user profile by reviewing:
- Discogs.com accounts: Your User Profile Settings and the additional settings noted in the menu on the left side of the page (i.e., Notification, Privacy, Buyer, Seller, etc.).
- All other accounts: Your Gearogs.com Profile Settings, Your Filmo.gs Profile Settings, Your Bookogs.com Profile Settings, Your Comicogs.com Profile Settings, Your Posterogs.com Profile Settings, and Your VinylHub.com Profile Settings.
- Discogs Exclusives does not provide for account registration. You can contact Our support center regarding information You have provided in relation to transactions.
You may also access Your Personal Information and how it is used and shared by completing the Request Access of Data form in Our support center. We will comply with Your request within 30 days and if permitted by law. Discogs may ask for additional information to confirm Your identity prior to releasing any information.
You may also access Your Personal Information and how it is used and shared by completing the Request Access of Data form in Our support center. We will comply with Your request within 30 days and if permitted by law. We may ask for additional information to confirm Your identity prior to releasing any information.
We want to make sure that Your Personal Information is accurate and up to date.
If You would like to update Personal Information that You have previously provided to Us and are unable to do so through Your User Profile Settings and the additional settings noted in the menu on the left side of the page (i.e., Notification, Privacy, Buyer, Seller, etc.) for Your Discogs.com account, or through Your Profile page for any other account as noted above, then please contact Us through Our support center. In Your request, please make clear what information You would like to have changed, whether You would like to have Your Personal Information suppressed from Our database or otherwise let Us know what limitations You would like to put on Our use of Your Personal Information that You have provided to Us. We will comply with Your request within 30 days and if permitted by law.
You have a right to obtain erasure of the Personal Information You have provided to Us related to Your use of the Services. Exercising this right will result in closure of any account You have opened and removal of any items You have listed for sale in the Marketplace. In addition, exercising this right will impact certain functionality of the Services available to You online. If You request erasure, pursuant to the Terms of Service, (i) Your user-generated content contributions will be anonymized by having the user name replaced by a generic term (i.e., "previous user1234" or simply "user1234"), and (ii) We are entitled to continue using this anonymized user-generated content. We cannot guarantee that Your username as associated with any information You posted in public forums and discussions will be fully erased as users have access to those areas of Our site and may have used or republished such information, including Your username, prior to the time of Your request, subject to Our Terms of Service. We will comply with Your request within 30 days and if permitted by law or as set forth below. We may need to maintain certain information for longer than 30 days in order to carry out Our contractual obligations to You. For example, We provide support for transaction disputes for 90 days following the date of transaction. In addition, We may maintain minimal data on You for a reasonable period of time if You have violated the Terms of Service resulting in an account ban in order to protect other users. You may submit a request for erasure by completing the Request Erasure of Data form in Our support center. We may ask for additional information to confirm Your identity prior to erasing Your Personal Information.
Your Portability Rights
You have a right to receive the Personal Information concerning You, which You have provided to Us, in a structured, commonly used and machine-readable format and You have the right to transmit those data points to another controller where Our processing is based on Your consent or any contract You have with Us and the processing is carried out by automated means. You may submit a request for portability by completing the Request Portability of Data form in Our support center. We will comply with Your request within 30 days and if permitted by law. We may ask for additional information to confirm Your identity prior to providing You with the requested information.
If You believe that Your privacy rights have been breached or that Your Personal Information has been compromised as a result of using Our Services, please contact Us via the support center or at email@example.com. We may ask for additional information to confirm Your identity prior to assisting with Your complaint. We will respond to Your complaint within 30 days of receipt if permitted by law and may request additional information from You to complete Our investigation.
You may also contact Our Data Protection Officer, Saski Wenge, directly with any complaints at s.wenge [at] dpoconsultancy [dot] nl.
If You are a resident of the EU or EEA and feel that Your privacy has been infringed by Our Services or practices, You have the right to lodge a complaint directly with a supervisory authority in Your member state of residence, place of work or place of the alleged infringement. The name and contact details of the Data Protection Authorities in the European Union can be found here. Our lead supervisory authority is Autoriteit Persoonsgegevens (The Netherlands).
For complaints related to the Digital Millennium Copyright Act or other copyright laws and regulations, please review the How Do I Report Copyright Infringement information documentation.
In the event that We are unable to resolve any complaint or dispute that You bring to its attention, You may contact an independent dispute resolution body free of charge. We have chosen JAMS as its independent recourse mechanism. You can file a claim with JAMS at the following website: https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. In some cases, You may be able to invoke binding arbitration.
We may amend this Policy at any time by posting the amended terms on this site and notifying You of material changes to the Policy along with an opportunity to opt-in to changes that require Your consent by law or regulation or to opt-out of any changes that decrease Your rights under this Policy. All non-material changes to Our terms are effective on the effective date of this Policy. We encourage You to review this Policy from time to time. By continuing to use the Services after non-material changes are effective, or after being notified of a material change, You will be deemed to have accepted the changes.
In the event that We go through a business transfer such as a consolidation, merger, restructuring, acquisition, or sale of part or all of Our assets, We will obtain Your consent to the transfer of Your information as permitted by law and to the continued use of Your information by the recipient following the transfer so long as they comply with this Policy.
We are subject to the investigatory and enforcement powers of the Federal Trade Commission in connection with its Privacy Shield compliance.