PRIVACY POLICY

 

1.0 Privacy Policy

 

Version Control: 3.0

Date of Implementation: 20230604

 

2.0 Summary

 

This document sets forth the Privacy Policy (the “Policy”) that is designed to provide you with important information about the privacy practices of the Registry Operator (“we” or “us”). This Policy applies to information collected and received by the Registry Operator for the .MUSIC Top Level Domain (“MTLD”) and to information collected through the Registry Operator’s website (collectively, the “Services”).

 

3.0 Collection of Information

 

The Registry Operator collects or receives the following types of information in connection with the Services:

 

3.1 Information You Provide Directly. You may provide information directly to the Registry Operator, which may include names, addresses, phone numbers, email addresses and more when you correspond with the Registry Operator.

 

3.2 Information Registry Operator Receives from Third Parties. The Registry Operator may collect or receive information from service providers (e.g., registrars, resellers, verification agents, etc.), music community organizations (e.g. music businesses or organizations) and other parties (e.g., regulators, complainants, etc.). That information is received for the Registry Operator to fulfill its role as a registry operator.

 

3.3 Device information: We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number).

 

3.4 Log information: When you use our services or view content provided by Registry Operator or one of our affiliates, we may automatically collect and store certain information in server logs (records of the page requests made when you visit our sites). This may include: details of how you used our service; Internet protocol address; device event information such as crashes, system activity, hardware settings, browser type, standard HTTP request headers, including but not limited to user agent, referral URL, language preference, date and time; and cookies that may uniquely identify your browser or your account.

 

3.5 Cookies and Local Storage: We may use various technologies to collect and store information when you visit the website, and this may include sending one or more cookies or randomly generated identifiers to your device. A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. Cookies may store user preferences and other information. The "help" portion of the toolbar on the majority of browsers will direct you on how to prevent your browser from accepting new cookies, how to command the browser to tell you when you receive a new cookie, or how to fully disable cookies. However, some of the Registry Operator’s website features or services may not function properly without cookies. We may also collect and store information using mechanisms such as browser web storage (including HTML5) and application data caches.

 

3.6 Information from Registrars: Registrars collect information from you when you register a domain name, including your name, address, contact information, the name servers on which your domain name is hosted and their IP addresses, and the same information for administrative and technical contacts you identify. We receive this information from registrars for the Registry Operator MTLD.

 

4.0 Use of Information

 

4.1 The Registry Operator may use the information we collect and receive for the following general purposes:

 

4.1.1 To determine your eligibility to register a MTLD in accordance to the Registry Operator’s Registrant Eligibility Policy as well as your compliance with the Acceptable Use Policy;

 

4.1.2 To contact you using your email address or telephone number in regards to your application or ongoing registrant eligibility for a MTLD.

 

4.1.3 To provide you with the Services and information you request and with legal notices or information about changes to this Policy or Registry Operator’s Terms of Use;

 

4.1.4 To continually improve the Services and enhance your experience with the Services, we may use your email address to inform you of our services, send you administrative messages, as well as contact you to provide you with relevant content, surveys, questionnaires and other materials;

 

4.1.5 To respond to your requests, questions, and comments, the Registry Operator may keep a record of your communication;

 

4.1.6 As the Registry Operator believes is necessary to protect our rights and the rights of others, including by enforcing the Registry Operator’s Terms of Use and other policies;

 

4.1.7 For any other purpose disclosed to you at the time Registry Operator collects your information, or pursuant to your consent; and

 

4.1.8 The Registry Operator may also combine this information, to provide and enhance our services.

 

4.1.9 The Registry Operator may process personal information on servers in many countries around the world. We may process, transfer and/or store your personal information on a server located outside the country where you live taking reasonable steps to ensure the confidentiality and security of information sent outside the individual’s country of residence.

 

4.1.10 Protect the music community and the Registry Operator, our users, and the public. We use information to help improve the safety and reliability of our services and partner companies. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm the Registry Operator, our users, or the public. The MTLD is a secured name space and registrants demonstrate a nexus to the MTLD strings they register therefore we must protect the MTLD from fraud and impersonation. Where abuse is detected through our technical monitoring we may reach out to you, your registrar, or other third parties to assist in mitigation.

 

5.0 Sharing of Information

 

5.1 When you provide data or personal information to the Registry Operator, we may store it and share it with companies, organizations and individuals outside of the Registry Operator in the following circumstances and in compliance with our Privacy Policy, our obligations to the Internet Committee for Assigned Names and Numbers (ICANN), and any other appropriate confidentiality and security measures:

 

5.1.1 With your consent. We may share personal information with companies, organizations or individuals outside of the Registry Registry when we have your consent to do so.

 

5.1.2 For external processing. We provide personal information to our Affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy, our obligations to the Internet Committee for Assigned Names and Numbers (ICANN), and any other appropriate confidentiality and security measures.

 

5.1.3 Affiliates. The Registry Operator may share your information with the Registry Operator’s affiliates—companies that control, are controlled by, or are under common control with, the Registry Operator.

 

5.1.4 Service Providers. The Registry Operator may share your information with entities that provide services to the Registry Operator, including registrars, resellers, back-end registry service providers, and companies that provide processing, escrow, verification, shipping, web analytics, email distribution, and other services. We may also share your information with companies and organizations in the music industry and community. This information is shared only to the extent such providers, businesses, and organizations need it in order to provide services to the Registry Operator and our users. Such parties will be bound by contractual agreement to keep the information confidential and are compliant with privacy regulations in their given country or jurisdiction.

 

5.1.5 For legal reasons. We will share personal information with companies, organizations or individuals outside of the Registry Operator if we believe that access, use, preservation or disclosure of the information is reasonably necessary to:

 

5.1.5.1 meet our obligations to ICANN.

 

5.1.5.2 meet any applicable law, regulation, legal process or enforceable governmental request. 5.1.5.3 enforce applicable Terms of Service, including investigation of potential violations.

 

5.1.5.4 detect, prevent, or otherwise address fraud, security or technical issues.

 

5.1.5.5 protect against harm to the rights, property or safety of Registry Registry, our users or the public as required or permitted by law.

 

5.1.6 Aggregated, Anonymized Information. We may share aggregated, anonymized information with ICANN, publicly, and with our partners. For example, we may share information publicly to show statistical trends about the general use of our services.

 

5.1.7 Mergers, Acquisitions, or Sale. In the event that the Registry is involved in a merger, acquisition or asset sale, we may disclose your personal data to the prospective seller or buyer of such business or assets.

 

6.0 Information Security

 

6.1 Registry Security. Registry Operator uses reasonable physical, technical, and administrative measures to safeguard personal information in our possession against loss, theft and unauthorized use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while Registry Operator strives to protect the information we maintain, we cannot ensure or warrant the security of any information that you transmit to us.

 

6.2 User Passwords. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

 

6.3 Deletion of Underage Users. The Registry Operator does not knowingly collect or store personal information about children under the age of 13. If we learn that we have collected personal information from a child under age 13, we will delete that information from our database.

 

7.0 Access, Retention and Deletion of Personal Information

 

Whenever you use our services, we aim to provide you with access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request. We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes). Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.

 

7.1 Legal Retention. Sometimes business or legal requirements may oblige us to retain certain information, for specific purposes, for an extended period of time. We might retain some data for longer periods of time if:

 

7.1.1 An applicable law, regulation, legal process (e.g., a subpoena) or enforceable government request, requires us to do so or it is necessary to enforce applicable service terms, including investigation of potential violations of those terms or our abuse policies.

 

7.1.2 We are investigating or have taken action with respect to a domain for abusive behavior.

 

7.1.3 You have directly communicated with us, through a customer support channel, feedback form, or a bug report, in which case, we may retain reasonable records of those communications.

 

8.0 Application

 

Our website may, from time to time, contain links to and from the websites of our affiliates, partners and service providers. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

 

9.0 Regulatory Frameworks

 

9.1 European Requirements If European Union (EU) data protection law applies to the processing of your information, you have the right to request access to, update, remove, and restrict the processing of your information. You also have the right to object to the processing of your information. The personal information that we process about you is the information we receive from your registrar and any update that you make in your registrar’s system will be automatically reflected in our system. If you would like to access, update, or remove any of that personal information, please first contact your registrar. We process your information for the purposes described in this policy, based on the following legal grounds:

 

9.1.1 When we’re pursuing legitimate interests

 

9.1.2 We process your information for our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. This means that we process your information for the following purposes:

 

1. Providing, maintaining, and improving our services to meet the needs of our users

2. Detecting, preventing, mitigating, or otherwise addressing fraud, abuse, security, or technical issues with our services

3. Centralizing registrant data for our top level domains to ensure the ongoing continuity, stability, and resiliency of the Domain Name System Protecting against harm to the rights, property or safety of Registry Operator, our users, or the public as required or permitted by law

4. Performing research that improves our services for our users and benefits the public

5. Fulfilling obligations to ICANN and our registrar partners

6. Enforcing legal claims, including investigation of potential violations of applicable Terms of Service and abuse policies

 

9.1.3 When we’re providing a service. We process your data to fulfill registration and operation of your domain that you request through your registrar.

 

9.1.4 When we’re complying with legal obligations. We’ll process your data when we have a legal obligation to do so, for example, if we’re responding to legal process or an enforceable governmental request. Registry Operator may receive requests from governments and courts around the world to disclose registrant data. Respect for the privacy and security of your data underpins our approach to complying with these legal requests. Registry Operator’s legal team reviews each request and frequently pushes back when a request appears to be overly broad or doesn’t follow the correct process.

 

9.1 Non-European Requirements

 

Registry Operator, maintains servers around the world and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this policy. We also comply with certain legal frameworks relating to the transfer of data, such as the EU-US and Swiss-US Privacy Shield Frameworks.

 

When we receive formal written complaints, we respond by contacting the person who made the complaint. We may work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.

 

10.0 Amendments

 

Registry Operator reserves the right to modify this Policy at its sole discretion. Such revised Policy shall be posted on Registry Operator’s website at least fifteen (15) calendar days before its effective date. Therefore, it is important to check the effective date of the Policy posted here each time you use the Registry Operator’s website. By continuing to use the Services after we make changes, you indicate your consent to those changes.

 

11.0 Questions and Contact Information

 

Registry Operator wants to assure you that we are dedicated to protecting the rights of registrants. If you have questions or comments about this Policy, please contact policy@my.music * * *