Privacy Policy
Effective Date: May 25, 2018
Bandcamp, Inc. (“Bandcamp”) knows that you care about how your Personal Data is used and shared, and we take your privacy seriously. Please read the following to learn more about our privacy policy. This Privacy Policy describes how we collect, use, share, and safeguard your Personal Data when you access the www.bandcamp.com website and domain name, mobile applications, and any other linked pages, features, content, or application services offered from time to time by Bandcamp in connection therewith (collectively, the "Service"), or otherwise interact with us. This policy does not apply to the practices of companies that Bandcamp does not own or control, or to individuals that Bandcamp does not employ or manage. “Personal Data” means any data related to an identified or identifiable individual. By accessing or using the Service, you acknowledge that you accept the practices and policies outlined in this Privacy Policy.
What Personal Data Does Bandcamp Collect?
- User information, such as the name, username, password, email address, photograph or other likeness, settings, associations with bands and fans, purchase history, and any other information you provide in connection with your user account.
- User financial information, such as your credit or debit card number, bank account number, and billing and shipping address. This information is collected and processed by our payment processor, as necessary to complete your purchase. We do not receive your credit card information directly, but we may receive information about the transaction, such as the date and time it occurred. This information may or may not be associated with an existing user or fan account on the website.
- Band information, such as user-provided biography, location, and tags.
- Band financial information, such as Paypal account(s), Stripe account(s), Pro/label subscriptions, and payouts.
- Fan information, such as the user-provided name, email address, country of residence, zip/postal code, picture, location, and biography.
- Emails and messages, including receipts, newsletters, and support contact. This information consists of the emails we send to individuals, and the messages that users may send to one another.
In addition to the above, we may automatically collect the following types of information:
- Website activity information, such as application logs, data files, information collected by cookies, IP address, browser information, and metrics generated in the normal operation of a website. “Application logs” are text files in which are recorded most of the activities on a website, including page visits, payments, and usage. Website activity information is sometimes associated with an IP address or other Personal Data. Third parties may also collect information about your website activity over time and on other websites or mobile applications.
- Information collected via cookies.
Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your browser to enable our systems to recognize your browser and tell us how and when pages in our site are visited and by how many people. Bandcamp cookies do not collect Personal Data, and we do not combine the general information collected through cookies with other Personal Data to tell us who you are or what your screen name or email address is.
Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. We strongly recommend that you leave the cookies activated, however, because cookies enable you to take advantage of some of Bandcamp’s most attractive features. If you choose to disable cookies or similar technologies, some parts of our Service may not work properly.
- We use Google Analytics to collect and process analytical data about users of Bandcamp’s website. Google Analytics tracks your interaction with the Site and stores information about IP address, operating system, web browser, pages visited, information about demographics of our website users, the device used, and where the visit originated. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
- We may use software tools such as JavaScript to collect page interaction information such as clicks, drags, and hover-overs, response times, errors, and length of visits to certain pages.
For Which Purposes Will Bandcamp Use Your Personal Data?
The Personal Data collected by Bandcamp is used for the following purposes:
- To allow you to use the Service, to set up a user account and profile that can be used to interact with other users, and to allow users to identify each other by displaying Personal Data to other users and visitors of the Service;
- To provide, administer, and communicate with you about products, services, offers, programs, and promotions of Bandcamp and its partners (including surveys and any other marketing activities). If required under applicable law, we will only send you promotional communications with your consent;
- To operate, evaluate and improve our business, including developing new products and services; managing our communications; determining the effectiveness of, and optimizing the content you see; analyzing our products, services, website, mobile application, and any other digital assets; facilitating the functionality of our website, mobile application, and any other digital assets;
- To process sales and purchases, to transfer money, and to provide the expected receipts, statistics, and reports to the band and its customers;
- To perform accounting, auditing, billing, reconciliation, and collection activities;
- To respond to your inquiries;
- To perform data analyses and data aggregation (including anonymization of Personal Data);
- In connection with prospective service engagements, partnerships or vendor relationships;
- To comply with law enforcement requests and other legal obligations;
- To apply and enforce our Terms of Use and other agreements;
- To protect the rights, property, or safety of Bandcamp, our employees, our users, or others, including by taking measures to prevent fraud and reduce credit risk;
- To comply with industry standards and our policies.
We also may use the information in other ways for which we provide specific notice at the time of collection.
Email Communications:
We may receive a confirmation when you open an email from Bandcamp. Bandcamp uses this confirmation to help us make emails more interesting and helpful and improve our service. If you do not want to receive email from us, please contact us as specified in the “How To Contact Us” section below.
When Does Bandcamp Collect Personal Data Relating To You?
We may collect and use Personal Data relating to you when:
- You have consented to the use of your Personal Data;
- We need your Personal Data to provide you with services and products requested by you, or to respond to your inquiries;
- We have a legal obligation to use your Personal Data;
- We have a legitimate interest in using your Personal Data. This includes our legitimate interests to ensure and improve the safety, security and performance of our products and services.
How Does Bandcamp Receive Personal Data About To You?
We may receive Personal Data relating to you from:
- You directly when you provide us with information about you;
- Your use of Bandcamp’s Service;
- Third parties that provide us with information about you.
For How Long Does Bandcamp Keep Your Personal Data?
Bandcamp stores Personal Data only for as long as it is necessary for the fulfillment of the purpose for which it was collected, unless otherwise required or authorized by applicable law. We take measures to destroy or permanently de-identify Personal Data if required by law or if the Personal Data is no longer required for the purpose for which we collected it.
How Will Bandcamp Share the Personal Data It Receives?
Personal Data about our customers is an integral part of our business. We neither rent nor sell your Personal Data to anyone. We share your Personal Data only as described below.
- Members of our Group: We may share your Personal Data with any members of our group, which includes our affiliates, employees, subsidiaries and branch offices, to which it is reasonably necessary or desirable for us to disclose your data in order to carry out the above-mentioned data processing purposes.
- Affiliated Businesses We Do Not Control: We are affiliated with a variety of businesses and work closely with them. In certain situations, these businesses sell items to you through Bandcamp's Service. In other situations, Bandcamp provides services, or sells products jointly with affiliated businesses. You can easily recognize when an affiliated business is associated with your transaction, and we will share your Personal Data that is related to such transactions with that affiliated business.
- Agents: We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you. Examples may include sending postal mail and email, analyzing data, providing marketing assistance, providing search results and links (including paid listings and links), processing credit card payments, and providing customer service. Unless we tell you differently, Bandcamp’s agents do not have any right to use Personal Data we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Data for the above purposes.
- Bands: When you use certain functionality or services, we may provide certain Personal Data to bands, such as your email address, country of residence and zip/postal code ("Fan Information"), and you can opt-in to be added to the relevant band’s mailing list. Bands are only authorized by us to use the Fan Information to send email to you and may not share, rent, or sell the information with others for any other purpose.
- User profiles: User profile information including users’ name, email address, purchase history and other information you enter (“User Submissions”) may be displayed to other users in certain cases to facilitate user interaction within the Service. Email addresses are used to add new User Submissions to user profiles and to communicate through User Submissions. Users’ email addresses will not be directly revealed to other users by us, except, when the user is “connected” to another user via a shared group membership, or an invitation, or if the user has chosen to include their email address in their User Profile. You may designate certain User Submissions, including individual items in your purchase history, as private, in which case they will not be displayed to other users.
- Aggregate information: We may provide aggregate information to our partners about how our customers, collectively, use our site. We share this type of statistical data so that our partners also understand how often people use their services and our Service, so that they, too, may provide you with an optimal online experience. Bandcamp never discloses aggregate information to a partner in a manner that would identify you personally.
- Communication in response to User Submissions: As part of the Service and Services, you will receive from Company email and other communication relating to your User Submissions. You acknowledge and agree that by posting such User Submissions, Company may send you email and other communication that it determines in its sole discretion relate to your User Submissions.
- Business Transfers: In these types of transactions, customer information is typically one of the business assets that is transferred. Moreover, if Bandcamp, or substantially all of its assets were acquired, or in the unlikely event that Bandcamp goes out of business or enters bankruptcy, customer information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Bandcamp may continue to use your Personal Data as set forth in this policy.
- Compliance with the Law, Protection of Bandcamp and Others: We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Bandcamp, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
- With Your Consent: Except as set forth above, you will be notified when your Personal Data may be shared with third parties, and will be able to prevent the sharing of this information.
Is Personal Data About You Secure?
Bandcamp endeavors to protect user information to ensure that your Personal Data is kept private. We use physical, managerial, and technical security measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. In particular, we take steps to ensure that our employees and service providers who have access to your Personal Data only process it upon our instructions, unless otherwise required by law.
However, no measures are 100% secure and unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of your Personal Data. To protect the security of your data, you need to select and protect your password appropriately and limit access to your computer and browser by signing off after you have finished accessing your account.
The Service may contain links to other sites. Bandcamp is not responsible for the privacy policies and/or practices on other sites. When linking to another site you should read the privacy policy stated on that site. This Privacy Policy only governs information collected by Bandcamp.
What Choices And Rights Do You Have Regarding Your Personal Data?
You have certain rights regarding the Personal Data we maintain about you. We also offer you certain choices about what Personal Data we collect from you, how we use that information, and how we communicate with you.
- Sometimes you may be required by law or by contract to provide us with your Personal Data to be able to use our products or services. In other cases, you may provide us with your personal data voluntarily. The particular reasons for using your Personal Data, whether you are required to provide your Personal Data, and the possible consequences of not providing your Personal Data will be indicated at the time the information is collected.
- You may designate certain User Submissions as private so that they are not shared with other users. Not all User Submissions may be designated as private.
- You can add or update certain information on pages, such as your username and password, your email address, and your user profile information.
- Where required by law, we obtain your prior opt-in consent at the time of collection for certain processing of Personal Data, such as for direct marketing purposes. If we rely on consent for the processing of your Personal Data, you have the right to withdraw your consent at any time and, when you do so, this will not affect the lawfulness of the processing before your consent withdrawal.
- You can opt out of the collection and use of certain information, which we collect about you by automated means, when you visit our website. Your browser may tell you how to be notified and opt out of receiving certain types of cookies and similar technologies. Please note, however, that without cookies you may not be able to use all of the features of our website.
- You can at any time tell us not to send you marketing communications by email by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as specified in the “How To Contact Us” section below. Please note that if you do not want to receive legal notices from us, such as this Privacy Policy, those legal notices will still govern your use of the Bandcamp Service, and you are responsible for reviewing such legal notices for changes.
- To the extent provided by applicable law, you may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your Personal Data. We will apply your preferences going forward. In some circumstances, withdrawing your consent to the use or disclosure of your Personal Data will mean that you cannot take advantage of some Bandcamp features.
- Subject to applicable law, you may have the right to: obtain confirmation that we hold Personal Data about you, request access to and receive information about the Personal Data we maintain about you, receive copies of the Personal Data we maintain about you, exercise your right to data portability, update and correct inaccuracies in your Personal Data, object to or restrict the processing of your Personal Data, and have the information blocked, anonymized or deleted, as appropriate. These rights may be limited in some circumstances by local law requirements. You may also have the right to lodge a complaint with your local data protection authority.
- Under California’s “Shine the Light” law, California residents who provide Personal Data in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information shared, the names and email addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2018 will receive information regarding 2017 sharing activities), and descriptions of the likely types of marketing the third parties would send. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.
- If we fall short of your expectations in processing your Personal Data or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. You may contact us by using the contact details provided in the “How To Contact Us” section below. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time.
- If you provide us with any Personal Data relating to another individual, you should make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws, so for example you should duly inform that individual on the processing of her/his Personal Data and obtain her/his consent, as may be necessary under applicable laws.
- To exercise your rights and choices as described above, please contact us as specified in the “How To Contact Us” section below.
Does Bandcamp Collect Children’s Data?
We do not knowingly collect, maintain, or use Personal Data from children under 16 years of age, and no part of the Service is directed to children under the age of 16. If you learn that your child has provided us with Personal Data without your consent, you may alert us by using the contact details provided in the “How To Contact Us” section below. If we learn that we have collected any Personal Data from children under 16, we will promptly take steps to delete such information and terminate the child’s account.
Does Bandcamp Transfer Your Personal Data Abroad?
To offer our services, we may transfer your Personal Data to recipients in countries other than the country in which the data were originally collected, including to the United States. The laws in those countries may not offer the same level of data protection as the country in which the data initially were provided. When we transfer your Personal Data to recipients in other countries, we will protect the data as described in this Privacy Policy.
Bandcamp is currently in the process of certifying to the EU–U.S. and the Swiss–U.S. Privacy Shield frameworks to provide adequate safeguards for the transfer of Personal Data to the United States from the European Economic Area (“EEA”) and Switzerland. To view our Privacy Shield Privacy Policy, please click here.
Changes to this Privacy Policy
Bandcamp may amend this Privacy Policy from time to time. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make changes in the way we use Personal Data, we will notify you by posting an announcement on our Service or sending you an email. Users are bound by any changes to the Privacy Policy when they use the Service after such changes have been first posted.
How to Contact Us
If you have any questions or concerns regarding the privacy of your Personal Data by Bandcamp, or if you would like to exercise your rights to your Personal Data, please send a detailed message to support@bandcamp.com. Please specify the subject of your request on the subject line and in the body of your message (e.g. “Request for access to my personal data”, “Request for California Privacy Information” etc.). We will provide the requested information and make every effort to resolve your concerns.