Effective March 30, 2021
Your privacy and protection of Your data is important to Zink Media, LLC (d/b/a Discogs) and Discogs B.V., as well as our affiliates (collectively, “We”, “Our”, “Us” or “Discogs”) and this Privacy Policy (the “Policy”) represents Our commitment to care for Your “personal information” (or similar terms to describe the data about you as defined by various domestic international regulations). This Policy applies to the personal information We collect, use, disclose, and sell via Our websites, discogs.com and nearmint.io, other websites we may publish from time to time, applications, and through any associated service, including Application Program Interfaces (“APIs”), (collectively, the “Service”).
This Policy does not apply to personal information collected by or through any other online or offline sites, products, or services not controlled by Us. When You use third party sites, products, or services, You are subject to those third parties’ policies. In addition, this Policy does not cover personal information You independently disclose to other users of the Service. Disclosure of personal information to buyers, sellers, contributors, or other users (collectively, “Other Users”) outside of disclosure to Us should be discussed with those Other Users prior to providing such information. We are not responsible for the privacy or data protection processes of any Other Users of Our Service.
By using Our Service, You confirm that you have read and agree to abide by the terms of this Policy, Our Terms of Service, and other applicable policies found on Our Service. You acknowledge that We will process Your information in the United States, the Netherlands, Japan and any other country where We or Our service providers/processors operate. If You withdraw Your consent to this Policy (by closing Your account, if any, and/or disabling cookies), then You may not have access to certain portions of the Service, including the benefits of membership, buying and selling options, language preferences, etc. In certain cases, We may continue to process Your personal information, but only if We have a legal basis to do so.
We encourage You to review the entire Policy. For quick access to a particular Policy section, click on the desired link below:
GENERAL PRIVACY AND DATA PROTECTION INFORMATION
INFORMATION SHARING AND DISCLOSURE
TRANSFER OF PERSONAL INFORMATION
PERSONALLY-IDENTIFIABLE INFORMATION SUBMITTED BY CHILDREN
NOTIFICATION AND OTHER PRIVACY PREFERENCES
ANALYTICS & DISPLAY ADVERTISING, COOKIES
YOUR RIGHT TO ACCESS, ALTER, OR ERASE YOUR PERSONAL INFORMATION
GENERAL PRIVACY AND DATA PROTECTION INFORMATION
We are committed to complying with applicable privacy and data protection laws and regulations designed to protect your personal information, including, but not limited to, both of the European Union (“EU”) and United Kingdom (“UK”) versions of the General Data Protection Regulation ("GDPR"), the UK Data Protection Act of 2018, the California Consumer Privacy Act, the Lei Geral de Proteção de Dados (Brazil), and other applicable current or future regional, national and state privacy and data protection laws and regulations worldwide as they become effective. Additional details about the information We collect, the purpose of collection, Your rights, and how to contact us are provided in detail within this Policy.
Data Controller: If you are an EU or UK citizen or you are accessing our Services from within the European Economic Area (“EEA”) or UK and you provide Personal Information to Us, the Personal Information provided to Us in connection with the Service is controlled and processed by Discogs B.V., located at Keizersgracht 555, 1017 DR, Amsterdam, the Netherlands.
Personal Information provided to Us from anywhere outside the EEA or by non-EU citizens in connection with the Service or otherwise is controlled and processed by Zink Media, LLC (d/b/a Discogs), 4145 SW Watson Avenue, Suite 350, Beaverton, Oregon, USA 97005.
Our privacy team can be contacted at privacy [at] discogs [dot] com.
Data Protection Officer :
- Our Data Protection Officer in the EU can be contacted at eudpo [at] discogs [dot] com.
- Our Data Protection Representative in the UK can be contacted at ukdpr [at] discogs [dot] com.
- Our Data Protection Officer outside of the EU and UK can be contacted at dpo [at] discogs [dot] com.
Privacy Shield Principles: Zink Media, LLC complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework(s)) (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland, as applicable) to the United States in reliance on Privacy Shield. We have certified to the Department of Commerce that We adhere to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Our certification, please visit https://www.privacyshield.gov/. We are liable for privacy violations committed by third parties to which We provide Your information as limited by Our contractual agreements with those third parties. All personal information received from the EU and Switzerland will be subject to the Privacy Shield Principles in addition to other measures set forth by the GDPR.
INFORMATION COLLECTED
We practice privacy by design and only collect and process that information which is necessary to provide the Service or meet Our legitimate business needs. Generally, We collect the following categories of personal information from Service users:
|
Category of Information |
Description |
Source of Information |
Purpose |
Information Shared With |
|
Identity and Contact Information |
Identifiers such as a real name, alias, username, gravatar, postal address (shipping), unique personal identifier, online identifier, Internet Protocol address, Session ID (SSID), email address, account name, or other similar identifiers, information submitted on webforms, and information contributed to forums. Additional identifiers including identification number or beneficiary information as it relates to employee benefits and obligations. |
Consumer (User) |
To provide the Service, including account registration, buying, selling, contributing, etc.; When provided with a job application, it is used to consider Your employment with Us or, if employed, to provide benefits or comply with legal reporting obligations |
Operating Systems and platforms; Email service providers; Parties to a transaction (if using the marketplace); Job application information is not shared; Employee benefit information is shared with benefits providers and regulators, as applicable |
|
Commercial Information |
Records of products or services purchased, obtained, or considered, other purchasing or consuming histories or tendencies, or financial identifier (i.e., PayPal ID). |
Consumer (User) |
To provide the Service related to transactions |
Operating Systems and platforms; Email service providers; Parties to a transaction (if using the marketplace) |
|
Technical Information |
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding Your interaction with the Service or marketing materials, operating systems and other technology used on Your devices to access the Service. |
Consumer (User); User Device |
To provide the Service, including personalization and performance/ analytics to improve the Service. |
Operating Systems and platforms |
|
Geolocation Information |
Non-precise geolocation data based on Your IP address or other analytics tools. |
Consumer (User); User Device |
To provide the Service, including personalization and targeted advertising |
Operating Systems and platforms *Analytics and advertising networks (if You allow performance, targeting, or social media cookies - this constitutes a “sale” under California Consumer Privacy Act) |
|
Professional Information |
Prior work and other related information provided to Us if You apply for a job with Us |
Consumer (User) |
To consider Your employment with Us |
Not shared |
|
Educational Information |
Education information provided to Us if You apply for a job with Us |
Consumer (User) |
To consider Your employment with Us |
Not shared |
|
Inferred Information |
Inferences drawn from any of the information identified above reflecting the Your preferences, behavior, and interests. |
Consumer (User); User Device |
To provide the Service, including personalization and targeted advertising |
Operating Systems and platforms *Analytics and advertising networks (if You allow performance, targeting, or social media cookies - this constitutes a “sale” under California Consumer Privacy Act) |
|
Browsing Information |
Browsing data collected via cookies, such as page URL or page metadata |
User Device |
To personalize targeted advertising |
Analytics and advertising networks (if You allow performance, targeting, or social media cookies - this constitutes a “sale” under California Consumer Privacy Act) |
We do not collect information about users’ race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health data, genetic data, biometric data, or any other protected classes of information. We do not collect any information about criminal convictions and offenses unless such information is surfaced in a job application.
We obtain contact details and other personal information regarding media contacts and influencers from a variety of sources including Cision. If you wish to know more about how such information is collected and used, please refer to Cision’s privacy notice at www.cision.com/us/legal/privacy-policy/.
We rely on the following lawful bases to collect and process personal information based on the EU and UK versions of the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”):
- Consent: use for a specific purpose based on Your clear consent. (GDPR)
- Contract: use to provide the Service to You pursuant to Our policies. (GDPR)
- Legal Obligation: use is necessary for Us to comply with the law. (GDPR)
- Legitimate interests: use is necessary for Our legitimate interests that is not overridden by Your personal information protection interests or fundamental rights and freedoms . (GDPR)
- Business: use by Our or Our service provider’s/processor’s operational purposes that is reasonable and necessary to provide the Service (CCPA)
- Commercial: use by Us to increase Our revenue, such as by encouraging transactions through the marketplace or user subscriptions to marketing-related emails. (CCPA)
More specifically, Our basis for collecting and using the personal information described will depend on the portion(s) of the Service utilized:
|
Service |
Personal Information Collected |
Purpose of Collection |
Basis for Use |
|
Browsing |
Cookie-based information related to browsing, Your device, and IP address. Dependent on Your jurisdiction, cookies may only be placed with Your consent. |
Analytics (Service health, usability, etc.) and advertising (with consent, as applicable) |
GDPR: Legitimate Interest; Consent CCPA: Commercial purpose |
|
Registration for discogs.com and Discogs applications |
Username, email address, SSID, IP address, geolocation, browser type/version, and operating system |
Verification of Your identity when You access Our Service, fraud prevention, communication with You, and customization of certain aspects of Your visits, such as language. Registration also allows You to list or purchase items for sale, contribute to the catalogue, and build a collection and wantlist. |
GDPR: Contract, Legitimate Interest; CCPA: Business purpose |
|
Selling |
Full name, address, PayPal Account Name, and VAT and ABN (where applicable) |
Use of the marketplace to engage in transactions with purchasers. |
GDPR: Contract; CCPA: Business purpose |
|
Shipping Labels Service |
Address and phone number |
Population of shipping label(s) on Your behalf |
GDPR: Contract; CCPA: Business purpose |
|
Discogs Payments |
1. Depending on whether You are a business or individual: name, date of birth, email address, phone number, company name, tax identification number, bank account information, government issued photo identification, and bank statement or voided check. 2. Username, account creation date, IP address and email address |
1. Identity verification (per financial regulations) - this information is required by Our third party payment processor(s) as outlined in the Discogs Payments Policy. 2. Fraud review for accounts. |
GDPR: Contract; CCPA: Business purpose |
|
Purchasing |
Full name, address, and phone number (optional) |
To complete transaction shipping from seller. We do not collect or store any purchaser payment information, such as credit card information. Such information is provided directly to the seller by the purchaser with no interaction by or through Us. Depending on Your payment option selection, certain third parties may have access to such information (i.e., PayPal, Inc., or Adyen B.V.) |
GDPR: Contract; CCPA: Business purpose |
|
Registration for vinylhub |
Username, email address, SSID ,IP address, geolocation, browser type/version, and operating system |
Verification of Your identity when You access Our Service, fraud prevention, communication with You, and customization of certain aspects of Your visits, such as language. Registration also allows You to contribute to the catalogue, and build Following, Visited and Want to Visit lists. |
GDPR: Contract, Legitimate Interest; CCPA: Business purpose |
|
Discogs Self-Serve Advertising |
Name, email address, address, phone number, and company name |
Guest transactions. Please see the Discogs Self-Serve Advertising Payment Policy for additional information. |
GDPR: Contract; CCPA: Business purpose |
|
Registration for NearMint |
Email address, name, address, username |
Inventory management service |
GDPR: Contract; CCPA: Business purpose |
|
Marketing Emails |
Email address |
You must sign up (opt in) to receive marketing-related emails. If You have previously consented to receive newsletters or other commercial emails, then You may opt out in Your notification preferences or from within the email messages themselves. |
GDPR: Consent; CCPA: Business purpose, Commercial purpose |
|
User Support |
Email address, username (if registered) and other information You provide for the purpose of responding to Your question or concern, including information submitted to Us to make a valid copyright claim, such as name and contact information. |
Reviewing Your questions/concerns and responding to You. We ask that You do not submit any information to Us that is not absolutely necessary for Us to assist You. |
GDPR: Contract, Legal Obligation; CCPA: Business purpose |
|
Error Reporting |
Username, email address, IP address, device information |
Reviewing errors or issues with the Service reported by you directly |
GDPR: Contract; CCPA: Business purpose |
|
Recruitment |
Name and email address, may also include postal address and professional and education history if provided by applicant |
|
GDPR: Contract; CCPA: Business purpose
|
|
Surveys |
|
|
GDPR: Consent; CCPA: Business purpose, Commercial purpose
|
Cookies : We may use cookies and other technology to keep track of Your online interaction with Our site. Please see the Cookie and Internet Advertising Policy for more information about Your cookie options. We do not participate in any automated decision making, such as profiling (other than for cookie-based targeted marketing), with regards to the Service and Your personal information.
INFORMATION SHARING AND DISCLOSURE
We share personal information with service providers (processors) that act as an agent to perform tasks on Our behalf and under Our instructions. Examples include providers that assist with payment processing (i.e., PayPal), shipping (i.e., USPS), or providers that We contract with to send emails on Our behalf (i.e., MailChimp). If You process payments through Discogs Payments, in the U.S., You will be contracting for this service directly with Zink Media, LLC (d/b/a Discogs), and in the EU, You will be contracting for this service directly with Discogs B.V. sending emails on Our behalf, and fulfilling orders. In both cases, the payment processor working on Our behalf is Adyen B.V. This information is limited only to the information needed to perform the tasks. If certain cookies are enabled on Your device, then We may also share cookie-related information with related service providers, such as analytics and advertising providers or social media companies. Additional information about the service providers/processors We use to support delivery of Our Service is set forth at Processors List. For additional information about service provider (processor) and third party privacy practices, please review those partes’ privacy policies and notices.
We will provide You with notice and obtain Your consent, where applicable, in the event We intend to share Your information with a third party (other than as described above) or for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by You. Prior to sharing such information, You will be provided with clear, conspicuous, and readily available mechanisms to opt in or out of such sharing, as required by applicable laws and regulations. Except as described in this Policy, We do not otherwise share Your information with any third parties without Your consent or other legitimate basis. We do not provide or sell email addresses or collection/wantlist information to any third party without Your consent. Registered users can control the public availability of their collection/wantlist information in the account settings. Please see “Notification and Other Privacy Preferences” below for additional information on limiting the sharing of Your information.
Affiliates : We may share information within our network of affiliated companies, including Zink Media, LLC, Discogs B.V., and Discogs G.K., in order to provide the Service. Each of Our affiliated companies is subject to the terms of this Policy and follow the same privacy practices. All sharing among affiliates is subject to appropriate documentation and risk assessments.
Cookies : We may share information with advertising companies to serve You targeted advertisements, analytics providers, or social media providers. This sharing is considered a “sale” under the California Consumer Privacy Act. You must be 16 years of age or older, depending on your jurisdiction’s minimum age requirements, to use the Service. As a result, We do not sell personal information of consumers under 16 years of age. The information is sourced from cookies/tags placed on Your device. The categories of information shared include:
- Geolocation Information: Non-precise geolocation data based on Your IP address or other analytics tools.
- Inferred Information: Inferences drawn from your online activities reflecting Your preferences, behavior, and interests.
Depending on your location, you may need to opt in/consent to the placement of these and other cookies or you may have the option to opt out of these and other cookies. Please see the Cookie and Internet Advertising Policy for additional information about controlling cookies.
In addition to the above cookie-related actions, California consumers may select the “Do Not Sell My Personal Information” link, which has been included on Our properties as a component of California Consumer Privacy Act compliance to block targeted advertising, analytics, and social media cookies upon Your request. See “California Disclosures” below for additional information.
Other Sharing: We may share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Our Terms of Service, or as otherwise required by law enforcement or national security requirements. We may also disclose information when requested to comply with a court order, regulatory investigation, or governmental request.
Sensitive/Protected Information: We do not currently collect or process sensitive, special, or protected information except in the employment context. In the event We decide to collect sensitive, special, or protected categories of information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual) from users or business partners, We will first obtain affirmative express consent (opt in) from You if We intend such information to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by You through the exercise of an opt in choice. You will have the ability to opt out at any time.
Nevada, United States, Residents: We do not sell Your personal information for monetary consideration as set forth in Nevada Senate Bill 220. If We change this practice in the future, We will obtain affirmative express consent (opt in) from You before taking any such action. You can write to Us at Our Help Center to add Your email address to a “do not sell” list. Please note that You are responsible for updating Us in the event that You need to change Your email address on file.
Mobile Devices: You may choose not to provide information related to Your mobile devices. Information on disabling device location permissions can generally be found in Your device settings or by contacting Your carrier or device manufacturer.
RETENTION AND STORAGE
We retain Your personal information only as long as needed to provide You the Service and as required by applicable laws and regulations. Except as otherwise provided by this Policy, or when deleted or destroyed at Your request, We typically maintain certain personal information and communications for a period of two years as is common in the industry.
We may keep the minimal necessary personal information about You after You have deactivated Your account for the period of time needed for Us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce Our agreements.
Information submitted to or obtained via Our Service is maintained on secure servers and cloud platforms in the United States.
SAFEGUARDING YOUR INFORMATION
We use the following security measures and technologies to protect Your personal information:
- Physical access controls, including secured premises to prevent unauthorized persons from gaining access to personal information, and ensuring that off-site data centers and server facilities adhere to similar appropriate controls;
- System access controls to prevent unauthorized access and use of personal information, which vary based on the nature of information processing, but may include: industry standard firewalls, authentication via hashed and salted passwords;
- Data access controls to ensure personal information is accessible and manageable only by properly authorized staff, including restricted catalogue query and application access, need-to-know access restrictions, and restrictions on the personal information that can be read, copied, modified and/or removed;
- Transmission controls, including encrypted data transfer over SSL and other controls to ensure that personal information cannot be read, copied, modified or removed without authorization during electronic transmission or transport;
- Input controls to ensure that any personal information is provided and edited by You or by Us at Your direction;
- Data backups are taken on a regular basis, and are secured and encrypted;
- Logical separation to ensure that personal information is only processed per the terms of this Privacy Policy and the privacy settings selected by You.
- Despite Our efforts, no security measure can be absolute, and there can be no guarantee that Your personal information will not be accessed through malicious means, inadvertent disclosure, or mistake. If We are the source of a breach, We will contact You and describe the breach, along with Our mitigation actions. Where applicable, We will provide appropriate identity theft prevention and mitigation services at no cost to the affected person for not less than 12 months.
TRANSFER OF PERSONAL INFORMATION
Privacy and data protection laws and regulations and their associated transfer requirements vary by location (state, country and region). We strive to comply with transfers of personal information under these laws and regulations by ensuring transfer is made under an appropriate legal basis. We only transfer personal information to those parties that act as service providers or processors with respect to the Service We provide to You, with your consent, or under a legitimate interest or business, or commercial purpose, as described in this Policy. We may also transfer personal information if required to do so by other applicable laws and regulations, including those related to criminal or civil matters.
Our technical infrastructure is located in the United States. If you choose to use the Service, you agree to Our Terms of Service which states that Your personal information will be hosted within Our United States infrastructure and Your personal information is required to be transferred to the United States as a result.
To the extent that We transfer Your personal information outside of Your country of residence, We rely on the following mechanisms to ensure the security of that information:
- Data Processing Agreements
- Model Clauses (EU standard contractual clauses)
- EU Adequacy Decisions
- Risk Assessments
In the event that We go through a business transfer such as a consolidation, merger, restructuring, acquisition, or sale of part or all of Our assets, We will obtain Your consent to the transfer of Your information as permitted by law and to the continued use of Your information by the recipient following the transfer so long as they comply with this Policy.
PERSONALLY-IDENTIFIABLE INFORMATION SUBMITTED BY CHILDREN
The Service is not intended for use by children under 16 years of age in the United States. Please consult local laws for age restrictions in additional jurisdictions. IF YOU ARE UNDER THE MINIMUM AGE FOR YOUR JURISDICTION, DO NOT USE OR ACCESS THE PROVIDER SERVICES AT ANY TIME OR IN ANY MANNER. If We determine that personally-identifiable information of children under the minimum age has been collected, We will remove the information from the Service. If You are a parent or guardian and learn that a child under the minimum age has created an account, You may contact Us and request that the information be removed from the Service at privacy [at] discogs [dot] com.
CALIFORNIA DISCLOSURES
Right to Know About Personal Information Collected
Please refer to the “Information Collected” and “Information Sharing and DIsclosure” sections above.
Do Not Sell My Personal Information/Notice of Right to Opt-Out of Sale of Personal Information
We allow targeting, performance, and social media cookies to be placed on Our sites by third parties for other valuable consideration for the purpose of targeted advertising by programmatic advertisers, analytics for Service performance reviews and improvements, and social media interactions, respectively. These third parties use information from cookies, such as Your geolocation and browsing behavior to serve You personalized advertisements. We do not otherwise “sell” (as defined by the California Consumer Privacy Act) any personal information. If You are a California site visitor or user, then You must select the “Do Not Sell My Personal Information” link available on the Service to block (opt out of) all targeting, performance, and social media cookies from Our Service on Your device. Opting out via the link will place a strictly necessary cookie on Your device to identify You in future interactions with Our Service so that targeting, performance, and social media cookies are not placed during those subsequent interactions. Since this action must be performed by a person using Your device, We do not conduct any identity verification with respect to Your exercise of this right. You may contact Us at privacy [at] discogs [dot] com for additional information about Your opt out rights. Please see the Cookie and Internet Advertising Policy for additional information about cookies on or related to Our Service and steps You can take with respect to those cookies.
Right to Know and Right to Delete
You may submit a request for the categories and specific information that We have collected about you or a request that We delete any personal information about You that We have collected, subject to certain exceptions. Refer to the “Your Right to Access, Alter, or Erase Your Personal Information” section below for information on submitting requests pursuant to Your Right to Know and Right to Delete.
Information Submitted by Minors under 18 in California
If You are a minor under the age of 18 residing in the State of California, United States, You have additional rights under California law. You may request removal of any information or content You posted while under the age of 18. We cannot ensure that removal of information You provided to the Service will be complete or comprehensive (i.e., information posted to public groups and forums that may be accessed by non-users) but it will be complete and comprehensive on Our part (i.e., user account information). In addition, if at any time You delete Your account, We will remove Your information from the Service. Deletion and removal of information is subject to exceptions to maintain certain information as described in the “Retention and Storage” section of this Policy.
Your California Privacy Rights (Shine the Light Law)
We do not share personal information as defined by California Civil Code Section 1798.83 (“Shine The Light law”) with third parties for their direct marketing purposes absent Your consent. If You are a California resident, You may request information about Our compliance with the Shine the Light law by contacting Us by email to privacy [at] discogs [dot] com or by sending a letter to Zink Media, LLC (d/b/a Discogs), 4145 SW Watson Avenue, Suite 350, Beaverton, Oregon, USA 97005. Any such request must include "California Privacy Rights Request" in the first line of the description and include Your name, street address, city, state, and ZIP code. Please note that We are only required to respond to one request per user each year, and We are not required to respond to requests made by means other than through this email address or mail address.
NOTIFICATION AND OTHER PRIVACY PREFERENCES
We do not send spam and do not permit spam on or through Our Service. We comply with the CAN-SPAM Act of 2003 (US) and applicable international anti-spam regulations. Portions of Our Service include account registration or opt in to receive emails. You may opt out of those portions at any time. Information about privacy and notification preferences within the Service, including opt in and opt out settings, can be found in Our How To Adjust Account, Notification & Other Privacy Preferences help document.
PUBLIC GROUPS & FORUMS
Information You post to the public areas of the Service (groups / forums / searchable catalogue) is not private, and is not protected under this Policy. Please exercise caution when disclosing Your information in these areas. You acknowledge that Other Users and the public, in general, not covered by this Policy will have access to Your public postings and We cannot be responsible for any subsequent use of personal information contained in Your public postings.
ANALYTICS & DISPLAY ADVERTISING, COOKIES
We use cookies to provide the Service for functional reasons (such as personalisation), to measure performance (analytics), and for targeting online advertisements. Depending on Your location, You may have the ability to control certain cookie settings available on the Service. Our Service will respect browser settings as “do not track,” “private,” or the like from supported browsers. Not allowing cookies may affect certain functionality of the Service. See Our Cookie and Internet Advertising Policy for more information about how cookies are used with the Service.
YOUR RIGHT TO ACCESS, RECTIFY, OR ERASE YOUR PERSONAL INFORMATION
Identity Verification and Authorized Agents
If You submit a request to exercise Your rights under any privacy or data protection law and regulation, We will need to verify your identity prior to complying with Your request. We verify requests by confirming the email address that sent the request is attached to a registered account on Our system. Deletion requests under the California Consumer Privacy Act include a second verification from the user sending the request. If You do not have an account with Us the only data We collect and process is made available via cookies as allowed by law or regulation, which You can manage via Your “Cookie Settings” or “Manage Preferences” link on the Service in applicable jurisdictions, or any email address and country (as applicable) that You provide when signing up for Our email subscriptions.
Your authorized agent may be able to make a request to exercise Your rights on Your behalf. Please contact Us at privacy [at] discogs [dot] com to do so.
Consent
Where You have provided Your consent to any part of the Service, You may withdraw that consent at any time. To withdraw Your consent to Our policies in their entirety, you must cease using the Service. You may also withdraw Your consent to certain activities within the Service within Your account settings. Finally, You may withdraw Your consent to marketing-related email using the “unsubscribe” button found in those email and, in some cases, within Your account settings.
Automated Decision Making
We do not participate in any automated decision making. All activities within the Service undergo human review.
Access
You have a right to access Your personal information that We collect/process/store or personal information that We “sell” (as that term is defined by the California Consumer Privacy Act). Other than Your IP address, geolocation, SSID, device information and operating system (collected when you access the Service), information collected via cookies (with your consent, as applicable), and information that You provide to Us in Your support requests, all personal information We collect from registered users can be found in Your user profile by reviewing:
- Discogs.com accounts: Your User Profile Settings and the additional settings noted in the menu on the left side of the page (i.e., Notification, Privacy, Buyer, Seller, etc.).
- Nearmint.io accounts: Your Account page.
- Other accounts: Your vinylhub.discogs.com Profile settings.
In addition,
- We offer email subscription services available to both registered and non-registered users that collect only an email address provided directly by the user.
- For those jurisdictions where We provide a cookie banner, cookie settings specific to Your device can be viewed via the “Cookie Settings” or “Manage Preferences” links located on Our Service.
Additional information about privacy and notification preferences within the Service, including opt in and opt out settings, can be found in Our How To Adjust Account, Notification & Other Privacy Preferences help document.
Personal information We “sell” (as defined by the California Consumer Privacy Act) is limited to information generated by cookies and tags related to targeted advertising, analytics and social media. See Our Cookie and Internet Advertising Policy for more information. We do not otherwise “sell” Your personal information.
You may also access Your personal information and how it is used and shared by completing the Request Access of Data form in Our Help Center. We will comply with Your request within 30 days, unless a shorter time period is required by local laws and regulations, and if permitted by law. Additional questions may be submitted to privacy [at] discogs [dot] com.
Accuracy, Rectification, Restriction, and Objection
We want to make sure that Your personal information is accurate and up to date. Information within the Services is limited to that information that You have provided directly. If You would like to rectify personal information that You have previously provided to Us and are unable to do so using the How To Adjust Account, Notification & Other Privacy Preferences instructions, then please contact Us through Our Help Center. In Your request, please make clear what information You would like to have changed, whether You would like to have Your personal information suppressed from Our catalogue or otherwise let Us know what limitations You would like to put on Our use of Your personal information that You have provided to Us. Some portions of Our Service may no longer be available if You request that We restrict processing or if You object to the processing of certain information.
If You would like to restrict the processing of personal information that You have previously allowed by Us and are unable to do so using the How To Adjust Account, Notification & Other Privacy Preferences instructions, then please contact Us through Our Help Center. In Your request, please make clear what information You would like to restrict or otherwise let Us know what limitations You would like to put on Our use of Your personal information that You have provided to Us. Some portions of Our Service may no longer be available if You request that We restrict processing of certain information.
If You would like to object to the processing of personal information that You have previously allowed by Us and are unable to do so using the How To Adjust Account, Notification & Other Privacy Preferences instructions, then please contact Us through Our Help Center. In Your request, please make clear what processing You would like to object or otherwise let Us know what limitations You would like to put on Our use of Your personal information that You have provided to Us. Some portions of Our Service may no longer be available if You object to the processing of certain information.
In all cases, We will comply with Your request within 30 days, unless a shorter time period is required by local laws and regulations, and if permitted by law. Additional questions may be submitted to privacy [at] discogs [dot] com.
Erasure/Deletion
You have a right to obtain erasure or deletion of the personal information You have provided to Us related to Your use of the Service. Exercising this right will result in closure of any account You have opened and removal of any items You have listed in your collection, wantlist or for sale in the Marketplace. In addition, exercising this right will impact certain functionality of the Service available to You online. If You request erasure or deletion, pursuant to the Terms of Service, (i) Your user-generated content contributions will be anonymized by having the user name replaced by a generic term (i.e., "previous user1234" or simply "anonymous1234"), and (ii) We are entitled to continue using this anonymized user-generated content. We cannot guarantee that Your username as associated with any information You posted in public forums and discussions will be fully erased as Other Users have access to those portions of Our Service and may have used or republished such information, including Your username, subject to Our Terms of Service, prior to the time of Your request. We will comply with Your request within 30 days, unless a shorter time period is required by local laws and regulations, and if permitted by law or as set forth below. We may need to maintain certain information for additional days in order to carry out Our contractual obligations to You. For example, We provide support for transaction disputes for 90 days following the date of transaction. In addition, We may maintain minimal personal information on You for a reasonable period of time if You have violated the Terms of Service resulting in an account suspension or ban in order to protect other users or pursuant to any regulatory or legal exceptions allowing Us to maintain the information. You may submit a request for erasure or deletion by completing the Request Erasure of Data form in Our Help Center. Additional questions may be submitted to privacy [at] discogs [dot] com.
YOUR PORTABILITY RIGHTS
You have a right to receive the personal information concerning You, which You have provided to Us, in a structured, commonly used and machine-readable format and You have the right to transmit those data points to another controller where Our processing is based on Your consent or any contract You have with Us and the processing is carried out by automated means. You may submit a request for portability by completing the Request Portability of Data form in Our Help Center. Additional questions may be submitted to privacy [at] discogs [dot] com.
NON-DISCRIMINATION POLICY
We do not discriminate against users of Our Service, whether You use the Service without incident or choose to exercise Your rights under any applicable laws or regulations.
COMPLAINTS
If You believe that Your privacy rights have been breached or that Your personal information has been compromised as a result of using Our Service, please contact Us via the Help Center or at privacy [at] discogs [dot] com. We may ask for additional information to confirm Your identity prior to assisting with Your complaint. We will respond to Your complaint within 30 days of receipt, unless a shorter time period is required by local laws and regulations, if permitted by law and may request additional information from You to complete Our investigation. You may also contact us as follows:
- Our Data Protection Officer in the EU can be contacted at eudpo [at] discogs [dot] com.
- Our Data Protection Representative in the UK can be contacted at ukdpr [at] discogs [dot] com.
- Our Data Protection Officer outside of the EU and UK can be contacted at dpo [at] discogs [dot] com.
If You are a resident of the EU or EEA and feel that Your privacy has been infringed by Our Service or practices, You have the right to lodge a complaint directly with a supervisory authority in Your member state of residence, place of work or place of the alleged infringement. The name and contact details of the Data Protection Authorities in the European Union can be found here. Our lead supervisory authority is Autoriteit Persoonsgegevens (The Netherlands).
If You are a resident of the UK and feel that Your privacy has been infringed by Our Service or practices, You have the right to lodge a complaint directly with the UK Information Commissioner’s Office (ICO).
For complaints about content users or We have added to Our Service or items listed for sale through the marketplace that relate to the Digital Millennium Copyright Act or other copyright laws and regulations, please review the How Do I Report Copyright Infringement information documentation.
DISPUTE RESOLUTION
In the event that We are unable to resolve any complaint or dispute that You bring to Our attention, You may contact an independent dispute resolution body free of charge. We have chosen JAMS as Our independent recourse mechanism. You can file a claim with JAMS at the following website: https://www.jamsadr.com/eu-us-privacy-shield. In some cases, You may be able to invoke binding arbitration.
GENERAL
We may amend this Policy at any time by posting the amended terms on this site and notifying You of material changes to the Policy along with an opportunity to opt in to changes that require Your consent by law or regulation or to opt out of any changes that decrease Your rights under this Policy. All non-material changes to Our terms are effective on the effective date of the Policy. We encourage You to review this Policy from time to time. By continuing to use the Service after non-material changes are effective, or after being notified of a material change, You will be deemed to have accepted the changes.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission in connection with Our Privacy Shield compliance.
CONTACT US
- You can contact Us about this Policy and Our practices via Our Help Center or at privacy [at] discogs [dot] com.
- Our Data Protection Officer in the EU can be contacted at eudpo [at] discogs [dot] com.
- Our Data Protection Representative in the UK can be contacted at ukdpr [at] discogs [dot] com.
- Our Data Protection Officer outside of the EU and UK can be contacted at dpo [at] discogs [dot] com.