Privacy Policy

Last updated: 1st March, 2022

This Privacy Policy applies to Personal Data processed by MUSO TNT LIMITED (“MUSO”, “We”, “Us” and “Our”).

YOUR RIGHTS TO PERSONAL DATA

This Privacy Policy describes what Personal Data MUSO collects and processes through Our website, products, services and through the third party sub-processors and Our data partners. We aim to be transparent in why We collect it and how it is collected. We give you means by which you can exercise your privacy rights over your Personal Data.

To the extent that We process your Personal Data, We uphold your rights as a citizen or resident whose data is protected by the these privacy acts/regulations:

• UK Data Protection Act 2018
• European Union General Data Protection Regulation (GDPR) 
• California Consumer Privacy Act (CCPA)

DATA CONTROLLER

• Name: MUSO TNT LIMITED
• Phone: +44(0)20 7403 4543
• Email: gdpr at muso dot com
• Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK
• UK Information Commissioner Office (ICO): Registration Number: ZA359358

DATA PROTECTION OFFICER

• Name: Simon Horton
• Email: dpo at muso dot com
• Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK

THIRD PARTY LINKS

Our website, services and this Privacy Policy contain links to external third party websites and applications which are not operated or controlled by MUSO, examples include third party social media platforms like Twitter and LinkedIn, or to Our service providers, sub-processors and data partners. This Privacy Policy does not apply to those third party sites, and clicking on the links to externally controlled services may allow the third party to collect or share data about you. Your interactions with these third party websites are governed by the privacy policy of the website and application owners. It is recommended that you review and understand how those third parties will handle your data privacy.

YOUR RIGHTS OVER YOUR PERSONAL DATA GIVEN TO MUSO

Should you ever wish to exercise any of your privacy rights, please contact MUSO’s Data Protection Officer using the contact details above in the DATA PROTECTION OFFICER section. 

You have rights regarding the personal data We collect and store about you. These rights are:

• Access to a copy of your personal data;
• Object to processing;
• Stop receiving direct marketing material;
• Object to decisions being taken by automated means;
• Have inaccurate personal data rectified, blocked, erased or destroyed;
• Lodge a complaint with the UK Information Commissioner Office (ICO) (https://ico.org.uk/make-a-complaint/);
• Initiate a legal claim for compensation for damages caused by a breach of your rights applicable to the data protection laws you are subject to.

PURPOSES OF PROCESSING YOUR PERSONAL DATA

MUSO processes personal information to:

• Enable Us to act as an intermediary on behalf of Our clients for any transactions including DMCA Takedown Notice and anti-piracy services
• Provide insight into digital content consumption trends to its clients and for marketing purposes
• Deliver interest-based advertising through third party advertising service providers
• Promote its goods and services 
• Maintain its accounts and records
• Support and manage its staff

MUSO maintains personal data for:

• clients
• suppliers
• professional advisers and consultants
• enquirers, complainants
• employees
• claimants

CATEGORIES  OF PERSONAL DATA COLLECTED

We collect personal data through different channels, including:

Direct communication: when you choose to give Us your contact details, or financial transaction details, by submitting contact and registration forms, or submitting an order, on Our website or through other methods via social media, phone, email, post, direct interaction or other methods. You provide Personal data when you:

• contact Us with an enquiry or support request
• request or subscribe to marketing information
• register for Our products or services
• provide feedback or comment

Automated analytics gathering technologies: As you use Our website and services, We automatically collect technical and usage data to help us improve Our products and services by having a better understanding of user activity.

Third party or publicly available data: Personal data about you may be received from third parties or publicly available sources, examples of these sources include:

• Third-party data partners such as user website browsing activity data collected via opt-in consent
• Recruitment services’ data such as CV information
• Public sources of information such as Crunchbase, LinkedIn

The types of personal data We collect are:

Identifier Information/Contact Information (Any person who MUSO needs to maintain as a contact): MUSO collects the minimum amount of personal data required to conduct business. Primary contact data includes name, email address, address, and telephone number. We collect this information directly from you or from third party sources.

Staff (permanent, part-time, contract, temporary, non-executive): MUSO collects information for Human Resources purposes to service the requirements of employees and comply with UK employment and fiscal laws, and regulatory requirements.

Clients: To conduct business as an anti-piracy services and consumption data provider, MUSO collects only the data it requires. Most of the identification data is at organisation level, but some information collected refers to the Directors: names and qualifications.

Statutory and non-statutory checks: To conduct business as an anti-piracy technology and data supplier, and comply with UK law, MUSO requests and receives information with regards to data about and related to content which is consumed illegally for the purposes of taking down the infringing content and to collect related data on said infringements.

Commercial information/Contractual information: To conduct business, MUSO collects only the relevant data it requires to fulfil its contractual obligations. The amount of data collected is the minimum required to meet these obligations. We collect this data directly from you. 

Financial Information: To collect and effect payments, MUSO stores payment and account details for its clients and employees. We collect this data directly from you.  

Audio, Video and Images Recordings: MUSO holds formal and informal events. MUSO may collect an industry event attendee contact information and take digital recordings of the event containing attendees. We collect this data directly from you. 

Email addresses: All email addresses collected by a form or an email message will be stored. MUSO will use the email address primarily to respond to requests or conduct correspondence with regards to legitimate interests e.g. a policy, claim, etc. MUSO may forward emails to other employees or MUSO approved third parties for further processing. MUSO may also use email addresses to make contact regarding our organisation or as part of legitimate day-to-day operational needs. Emails and telephone calls will be used for the purposes outlined at the time of collection or registration in accordance with the data subject’s preferences. We collect this data directly from you.  

Internet or other network activity data: Web browsing activity, IP address. We collect this data directly from your device.

Geolocation data: The general geographic location your device may offer about you. We collect this data directly from your device.

Inferences: We may infer data about you, such as using your IP address to identify your geolocation. We collect this data directly from your device.

Other: If you choose to interact with Us and communicate by other methods not listed, such as by post, phone or in person. We collect this data directly from you.

SHARING PERSONAL DATA 

We sometimes need to share the personal information We process with individuals and also with other organisations. Below is a description of the types of organisations MUSO may need to share some of the personal information it processes with for one or more reasons.

• business associates and professional advisers
• central government
• courts and tribunals
• credit reference agencies
• current, past or prospective employers
• debt collection and tracing agencies
• educators and examining bodies
• employment and recruitment agencies
• family, associates and representatives of the person whose personal data we are processing
• financial organisations
• healthcare and welfare organisations
• law enforcement and prosecuting authorities
• ombudsmen and regulatory authorities
• other companies in the same group
• suppliers and services providers
• trade and employer associations

KEEPING YOUR PERSONAL DATA

Retention of specific records may be necessary for one or more of the following reasons:

• To fulfil statutory or other regulatory requirements.
• To evidence events/agreements in case of disputes.
• To meet our operational needs.
• To meet any historical purposes.

Personal data that is collected and subsequently never used for any business purpose will be reviewed and destroyed at MUSO’s discretion.

AUTOMATED PROFILING USING YOUR PERSONAL DATA

MUSO does not use automated profiling.

HOW MUSO USES YOUR PERSONAL DATA

Below describes how we use your personal data and for what purpose, and under which circumstance we collect your personal data, and which lawful basis we are collecting it for.

HOW WE USE YOUR DATA IF YOU ARE USING OUR WEBSITE

HOW WE USE YOUR DATA IF YOU ARE A SALES LEAD

HOW WE USE YOUR DATA IF YOU ARE OUR CLIENT

HOW WE USE YOUR DATA IF YOU ARE AN EMPLOYEE OR SUB-CONTRACTOR OF MUSO

HOW WE COLLECT AND PROCESSES YOUR PERSONAL DATA

Below details the types of third party service providers and data partners We work with to process personal data.

TYPES OF THIRD PARTY DATA PROVIDERS AND SUB-PROCESSORS USED BY MUSO

As Our business continues to adapt to meet changing requirements, the Sub-processors and Third Party Data Partners We work with may also need to change. We review the Privacy Policy and Security Compliance of each third party We select to ensure they adequately meet the privacy and security requirements necessary for the protection of personal data.

TRANSFERRING YOUR PERSONAL DATA

Your personal data collected by MUSO may be stored and processed in the United Kingdom and European Economic Area (EEA). In addition, your data may be stored and processed by Our Third Party Data Partners and Sub-processors as detailed in this Privacy Policy.

Should We need to transfer your personal data, MUSO will take reasonable measures to ensure that transfers of personal data use appropriate security measures, ensuring data protection standards and security compliance are adhered to.

EU OR UK CROSS BORDER TRANSFER OF PERSONAL DATA

When We have a need to transfer personal data outside the European Economic Area (EEA) or UK, we will only do so where We have reviewed and approved the Third Party security and compliance of where the data will be stored in that it will offer an adequate level of protection for personal data. MUSO adheres to industry standard measures to ensure the secure transfer of the personal data.

MUSO undertakes reasonable measures when transferring data between the UK or European Economic Area (EEA) and to outside the UK or non-EEA countries. Data protection safeguards are evaluated to determine if the grounds for data transfers are appropriate to enter into the EU’s GDPR Standard Contractual Clauses (SCC) with the recipient. Further information on SCC can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

INDUSTRY PRIVACY STANDARDS 

MUSO is committed to transparent user control to respect the sale of personal data and is a member of the following digital advertising self-regulatory programs: 

MUSO is a registered vendor with the Trustworthy Accountability Group (TAG), a leading global initiative fighting to stop criminal activity and increase trust and transparency in digital advertising.

MUSO is a registered vendor with IAB Europe’s Transparency and Consent Framework, a GDPR consent solution built by the industry for the industry, creating a true industry-standard approach.

OPT-OUT OF DATA COLLECTION AND SHARING

MUSO has partnered with industry leading third party data partners who respect your right to privacy. 

Data subjects who want to exercise their right of Do Not Sell My Data may opt-out at the point of collection via the buttons contained directly within the privacy policy pages of Our Data Partners linked below:

CHILDREN’S DATA

Our products and services are only available to people who are of legal age to enter into a legal contract. Our services are not directed at children under the age of 16 years of age. If you are aware that a child in your care or guardianship has provided Us with Personal Data without your consent, please contact MUSO’s Data Protection Officer using the contact details at the top of this Privacy Policy.

We do not knowingly collect or process Personal Data from children. If We learn We have collected Personal Data pertaining to a child in violation of Applicable Law, We will promptly take action to investigate and rectify this, deleting all information identified. We will also propose reasonable preventative measures to take action on which would avoid the same scenario happening again in the future. 

SUPPLEMENTARY INFORMATION AND RIGHTS FOR CALIFORNIA RESIDENTS

With reference to SB-1121 California Consumer Privacy Act of 2018 under section 1798.140, the data We process is not personal information as it cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer. MUSO only processes pseudonymized and deidentified information collected by our data provider partners. MUSO is not the point collection of your personal data and We are not a Data Broker as defined by AB-1202 Privacy: data brokers. 

The data providers MUSO have partnered with, are the point of collection and are registered as Data Brokers with the Attorney General, State of California Department of Justice.

In addition to the information set out in this Privacy Policy which categorises your Right to know the personal information We may have collected about you, and your Right to Opt-Out of Data Collection and Sharing of the sale of your personal information, Residents of California have certain specific data management rights regarding the data We collect about you in accordance with the California Consumer Privacy Act (“CCPA”), effective 1st January, 2020. 

You can exercise your rights yourself or you may choose to designate an authorised agent to exercise these rights on your behalf. 

You may submit your request to us by post or by email using the contact name and details set out in the DATA PROTECTION OFFICER section at the top of this Privacy Policy. 

You have the right to request:

• We disclose the personal information held about you for the 12-month period preceding your request; 
• We delete the personal data we hold about you.

If you exercise your right in a request:

• We will respond to your initial request within 45 calendar days. 
• We will need to verify your identity to ensure that the person submitting the request for deletion is the consumer whom we may hold the personal information about. The personal information we may request will only be used for the verification of your request to confirm your identity.
• We will not discriminate against you in your ability to use Our services if you choose to exercise your rights under the CCPA. If you refuse to provide necessary personal information We require for Us to fulfil the mandatory obligations necessary to operate Our service then We will be unable to provide you with Our services.